diff --git a/packages/google_sign_in/google_sign_in_android/CHANGELOG.md b/packages/google_sign_in/google_sign_in_android/CHANGELOG.md index 5d8f65efa64..05954560607 100644 --- a/packages/google_sign_in/google_sign_in_android/CHANGELOG.md +++ b/packages/google_sign_in/google_sign_in_android/CHANGELOG.md @@ -1,5 +1,9 @@ -## NEXT +## 7.0.0 +* **BREAKING CHANGE**: Switches to implementing version 3.0 of the platform + interface package, rather than 2.x, significantly changing the API surface. +* Switches to Sign in with Google (`CredentialManager`) as the underlying + SDK, removing usage of the deprecated Google Sign In for Android SDK. * Updates minimum supported SDK version to Flutter 3.27/Dart 3.6. ## 6.2.1 diff --git a/packages/google_sign_in/google_sign_in_android/README.md b/packages/google_sign_in/google_sign_in_android/README.md index aeaeb9df6e9..17aa417740d 100644 --- a/packages/google_sign_in/google_sign_in_android/README.md +++ b/packages/google_sign_in/google_sign_in_android/README.md @@ -13,3 +13,25 @@ should add it to your `pubspec.yaml` as usual. [1]: https://pub.dev/packages/google_sign_in [2]: https://flutter.dev/to/endorsed-federated-plugin + +## Integration + +To use Google Sign-In, you'll need to register your application, either +[using Firebase](https://firebase.google.com/docs/android/setup), or +[directly with Google Cloud Platform](https://developer.android.com/identity/sign-in/credential-manager-siwg#set-google). + +* If you are use the `google-services.json` file and Gradle-based registration + system, no identifiers need to be provided in Dart when initializing the + `GoogleSignIn` instance when running on Android. +* If you are not using `google-services.json`, you need to pass the client + ID of the *web* application you registered as the `serverClientId` when + initializing the `GoogleSignIn` instance. + +If you encounter `APIException` errors, double-check that you have followed all +of the registration steps in the instructions above. + +You will also need to enable any OAuth APIs that you want, using the +[Google Cloud Platform API manager](https://console.developers.google.com/). For +example, if you want to mimic the behavior of the Google Sign-In example app, +you'll need to enable the +[Google People API](https://developers.google.com/people/). diff --git a/packages/google_sign_in/google_sign_in_android/android/build.gradle b/packages/google_sign_in/google_sign_in_android/android/build.gradle index 74e7499377b..829160c5e0e 100644 --- a/packages/google_sign_in/google_sign_in_android/android/build.gradle +++ b/packages/google_sign_in/google_sign_in_android/android/build.gradle @@ -2,6 +2,7 @@ group 'io.flutter.plugins.googlesignin' version '1.0-SNAPSHOT' buildscript { + ext.kotlin_version = '2.1.10' repositories { google() mavenCentral() @@ -9,6 +10,7 @@ buildscript { dependencies { classpath 'com.android.tools.build:gradle:8.5.0' + classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version" } } @@ -20,6 +22,7 @@ rootProject.allprojects { } apply plugin: 'com.android.library' +apply plugin: 'kotlin-android' android { namespace 'io.flutter.plugins.googlesignin' @@ -35,6 +38,14 @@ android { targetCompatibility JavaVersion.VERSION_11 } + kotlinOptions { + jvmTarget = '11' + } + + sourceSets { + main.java.srcDirs += 'src/main/kotlin' + } + lintOptions { checkAllWarnings true warningsAsErrors true @@ -56,7 +67,10 @@ android { } dependencies { - implementation 'com.google.android.gms:play-services-auth:21.0.0' + implementation 'androidx.credentials:credentials:1.5.0' + implementation 'androidx.credentials:credentials-play-services-auth:1.5.0' + implementation 'com.google.android.libraries.identity.googleid:googleid:1.1.1' + implementation 'com.google.android.gms:play-services-auth:21.3.0' testImplementation 'junit:junit:4.13.2' testImplementation 'org.mockito:mockito-inline:5.2.0' } diff --git a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java b/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java index 46294212703..edab543e932 100644 --- a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java +++ b/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java @@ -7,36 +7,50 @@ import android.accounts.Account; import android.annotation.SuppressLint; import android.app.Activity; +import android.app.PendingIntent; import android.content.Context; import android.content.Intent; -import android.os.Handler; -import android.os.Looper; -import android.util.Log; +import android.content.IntentSender; +import android.net.Uri; import androidx.annotation.NonNull; import androidx.annotation.Nullable; import androidx.annotation.VisibleForTesting; -import com.google.android.gms.auth.GoogleAuthUtil; -import com.google.android.gms.auth.UserRecoverableAuthException; -import com.google.android.gms.auth.api.signin.GoogleSignIn; -import com.google.android.gms.auth.api.signin.GoogleSignInAccount; -import com.google.android.gms.auth.api.signin.GoogleSignInClient; -import com.google.android.gms.auth.api.signin.GoogleSignInOptions; -import com.google.android.gms.auth.api.signin.GoogleSignInStatusCodes; +import androidx.credentials.ClearCredentialStateRequest; +import androidx.credentials.Credential; +import androidx.credentials.CredentialManager; +import androidx.credentials.CredentialManagerCallback; +import androidx.credentials.CustomCredential; +import androidx.credentials.GetCredentialRequest; +import androidx.credentials.GetCredentialResponse; +import androidx.credentials.exceptions.ClearCredentialException; +import androidx.credentials.exceptions.GetCredentialCancellationException; +import androidx.credentials.exceptions.GetCredentialException; +import androidx.credentials.exceptions.GetCredentialInterruptedException; +import androidx.credentials.exceptions.GetCredentialProviderConfigurationException; +import androidx.credentials.exceptions.GetCredentialUnsupportedException; +import androidx.credentials.exceptions.NoCredentialException; +import com.google.android.gms.auth.api.identity.AuthorizationClient; +import com.google.android.gms.auth.api.identity.AuthorizationRequest; +import com.google.android.gms.auth.api.identity.AuthorizationResult; +import com.google.android.gms.auth.api.identity.Identity; import com.google.android.gms.common.api.ApiException; -import com.google.android.gms.common.api.CommonStatusCodes; import com.google.android.gms.common.api.Scope; -import com.google.android.gms.tasks.RuntimeExecutionException; -import com.google.android.gms.tasks.Task; +import com.google.android.libraries.identity.googleid.GetGoogleIdOption; +import com.google.android.libraries.identity.googleid.GetSignInWithGoogleOption; +import com.google.android.libraries.identity.googleid.GoogleIdTokenCredential; +import io.flutter.Log; import io.flutter.embedding.engine.plugins.FlutterPlugin; import io.flutter.embedding.engine.plugins.activity.ActivityAware; import io.flutter.embedding.engine.plugins.activity.ActivityPluginBinding; import io.flutter.plugin.common.BinaryMessenger; import io.flutter.plugin.common.PluginRegistry; -import io.flutter.plugins.googlesignin.Messages.FlutterError; -import io.flutter.plugins.googlesignin.Messages.GoogleSignInApi; import java.util.ArrayList; import java.util.List; import java.util.Objects; +import java.util.concurrent.Executors; +import kotlin.Result; +import kotlin.Unit; +import kotlin.jvm.functions.Function1; /** Google sign-in plugin for Flutter. */ public class GoogleSignInPlugin implements FlutterPlugin, ActivityAware { @@ -44,20 +58,28 @@ public class GoogleSignInPlugin implements FlutterPlugin, ActivityAware { private @Nullable BinaryMessenger messenger; private ActivityPluginBinding activityPluginBinding; + private void initInstance(@NonNull BinaryMessenger messenger, @NonNull Context context) { + initWithDelegate( + messenger, + new Delegate( + context, + (@NonNull Context c) -> CredentialManager.create(c), + (@NonNull Context c) -> Identity.getAuthorizationClient(c), + (@NonNull Credential credential) -> + GoogleIdTokenCredential.createFrom(credential.getData()))); + } + @VisibleForTesting - public void initInstance( - @NonNull BinaryMessenger messenger, - @NonNull Context context, - @NonNull GoogleSignInWrapper googleSignInWrapper) { + void initWithDelegate(@NonNull BinaryMessenger messenger, @NonNull Delegate delegate) { this.messenger = messenger; - delegate = new Delegate(context, googleSignInWrapper); - GoogleSignInApi.setUp(messenger, delegate); + this.delegate = delegate; + GoogleSignInApi.Companion.setUp(messenger, delegate); } private void dispose() { delegate = null; if (messenger != null) { - GoogleSignInApi.setUp(messenger, null); + GoogleSignInApi.Companion.setUp(messenger, null); messenger = null; } } @@ -76,8 +98,7 @@ private void disposeActivity() { @Override public void onAttachedToEngine(@NonNull FlutterPluginBinding binding) { - initInstance( - binding.getBinaryMessenger(), binding.getApplicationContext(), new GoogleSignInWrapper()); + initInstance(binding.getBinaryMessenger(), binding.getApplicationContext()); } @Override @@ -106,42 +127,58 @@ public void onDetachedFromActivity() { disposeActivity(); } + // Creates CredentialManager instances. This is provided to be overridden for tests. + @VisibleForTesting + public interface CredentialManagerFactory { + @NonNull + CredentialManager create(@NonNull Context context); + } + + // Creates AuthorizationClient instances. This is provided to be overridden for tests. + @VisibleForTesting + public interface AuthorizationClientFactory { + @NonNull + AuthorizationClient create(@NonNull Context context); + } + + // Creates GoogleIdTokenCredential instances from Credential instances. This is provided + // to be overridden for tests. + @VisibleForTesting + public interface GoogleIdCredentialConverter { + @NonNull + GoogleIdTokenCredential createFrom(@NonNull Credential credential); + } + /** * Delegate class that does the work for the Google sign-in plugin. This is exposed as a dedicated * class for use in other plugins that wrap basic sign-in functionality. * *

All methods in this class assume that they are run to completion before any other method is - * invoked. In this context, "run to completion" means that their {@link Messages.Result} argument - * has been completed (either successfully or in error). This class provides no synchronization - * constructs to guarantee such behavior; callers are responsible for providing such guarantees. + * invoked. In this context, "run to completion" means that their callback argument has been + * completed (either successfully or in error). This class provides no synchronization constructs + * to guarantee such behavior; callers are responsible for providing such guarantees. */ public static class Delegate implements PluginRegistry.ActivityResultListener, GoogleSignInApi { - private static final int REQUEST_CODE_SIGNIN = 53293; - private static final int REQUEST_CODE_RECOVER_AUTH = 53294; - @VisibleForTesting static final int REQUEST_CODE_REQUEST_SCOPE = 53295; - - private static final String ERROR_REASON_EXCEPTION = "exception"; - private static final String ERROR_REASON_STATUS = "status"; - // These error codes must match with ones declared on iOS and Dart sides. - private static final String ERROR_REASON_SIGN_IN_CANCELED = "sign_in_canceled"; - private static final String ERROR_REASON_SIGN_IN_REQUIRED = "sign_in_required"; - private static final String ERROR_REASON_NETWORK_ERROR = "network_error"; - private static final String ERROR_REASON_SIGN_IN_FAILED = "sign_in_failed"; - private static final String ERROR_FAILURE_TO_RECOVER_AUTH = "failed_to_recover_auth"; - private static final String ERROR_USER_RECOVERABLE_AUTH = "user_recoverable_auth"; + @VisibleForTesting static final int REQUEST_CODE_AUTHORIZE = 53294; private final @NonNull Context context; - // Only set activity for v2 embedder. Always access activity from getActivity() method. + private final @NonNull CredentialManagerFactory credentialManagerFactory; + private final @NonNull AuthorizationClientFactory authorizationClientFactory; + final @NonNull GoogleIdCredentialConverter credentialConverter; + // Always access activity from getActivity() method. private @Nullable Activity activity; - private final GoogleSignInWrapper googleSignInWrapper; - private GoogleSignInClient signInClient; - private List requestedScopes; - private PendingOperation pendingOperation; + private Function1, Unit> pendingAuthorizationCallback; - public Delegate(@NonNull Context context, @NonNull GoogleSignInWrapper googleSignInWrapper) { + public Delegate( + @NonNull Context context, + @NonNull CredentialManagerFactory credentialManagerFactory, + @NonNull AuthorizationClientFactory authorizationClientFactory, + @NonNull GoogleIdCredentialConverter credentialConverter) { this.context = context; - this.googleSignInWrapper = googleSignInWrapper; + this.credentialManagerFactory = credentialManagerFactory; + this.authorizationClientFactory = authorizationClientFactory; + this.credentialConverter = credentialConverter; } public void setActivity(@Nullable Activity activity) { @@ -153,433 +190,264 @@ public void setActivity(@Nullable Activity activity) { return activity; } - private void checkAndSetPendingOperation( - String method, - Messages.Result userDataResult, - Messages.VoidResult voidResult, - Messages.Result boolResult, - Messages.Result stringResult, - Object data) { - if (pendingOperation != null) { - throw new IllegalStateException( - "Concurrent operations detected: " + pendingOperation.method + ", " + method); + @Override + public @Nullable String getGoogleServicesJsonServerClientId() { + @SuppressLint("DiscouragedApi") + int webClientIdIdentifier = + context + .getResources() + .getIdentifier("default_web_client_id", "string", context.getPackageName()); + if (webClientIdIdentifier != 0) { + return context.getString(webClientIdIdentifier); } - pendingOperation = - new PendingOperation(method, userDataResult, voidResult, boolResult, stringResult, data); - } - - private void checkAndSetPendingSignInOperation( - String method, @NonNull Messages.Result result) { - checkAndSetPendingOperation(method, result, null, null, null, null); - } - - private void checkAndSetPendingVoidOperation( - String method, @NonNull Messages.VoidResult result) { - checkAndSetPendingOperation(method, null, result, null, null, null); - } - - private void checkAndSetPendingBoolOperation( - String method, @NonNull Messages.Result result) { - checkAndSetPendingOperation(method, null, null, result, null, null); + return null; } - private void checkAndSetPendingStringOperation( - String method, @NonNull Messages.Result result, @Nullable Object data) { - checkAndSetPendingOperation(method, null, null, null, result, data); - } - - private void checkAndSetPendingAccessTokenOperation( - String method, Messages.Result result, @NonNull Object data) { - checkAndSetPendingStringOperation(method, result, data); - } - - /** - * Initializes this delegate so that it is ready to perform other operations. The Dart code - * guarantees that this will be called and completed before any other methods are invoked. - */ @Override - public void init(@NonNull Messages.InitParams params) { + public void getCredential( + @NonNull GetCredentialRequestParams params, + @NonNull Function1, Unit> callback) { try { - GoogleSignInOptions.Builder optionsBuilder; - - switch (params.getSignInType()) { - case GAMES: - optionsBuilder = - new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_GAMES_SIGN_IN); - break; - case STANDARD: - optionsBuilder = - new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN).requestEmail(); - break; - default: - throw new IllegalStateException("Unknown signInOption"); - } - - // The clientId parameter is not supported on Android. - // Android apps are identified by their package name and the SHA-1 of their signing key. - // https://developers.google.com/android/guides/client-auth - // https://developers.google.com/identity/sign-in/android/start#configure-a-google-api-project String serverClientId = params.getServerClientId(); - if (!isNullOrEmpty(params.getClientId()) && isNullOrEmpty(serverClientId)) { - Log.w( - "google_sign_in", - "clientId is not supported on Android and is interpreted as serverClientId. " - + "Use serverClientId instead to suppress this warning."); - serverClientId = params.getClientId(); + if (serverClientId == null || serverClientId.isEmpty()) { + ResultUtilsKt.completeWithGetCredentialFailure( + callback, + new GetCredentialFailure( + GetCredentialFailureType.MISSING_SERVER_CLIENT_ID, + "CredentialManager requires a serverClientId.", + null)); + return; } - if (isNullOrEmpty(serverClientId)) { - // Only requests a clientId if google-services.json was present and parsed - // by the google-services Gradle script. - // TODO(jackson): Perhaps we should provide a mechanism to override this - // behavior. - @SuppressLint("DiscouragedApi") - int webClientIdIdentifier = - context - .getResources() - .getIdentifier("default_web_client_id", "string", context.getPackageName()); - if (webClientIdIdentifier != 0) { - serverClientId = context.getString(webClientIdIdentifier); + String nonce = params.getNonce(); + GetCredentialRequest.Builder requestBuilder = new GetCredentialRequest.Builder(); + if (params.getUseButtonFlow()) { + GetSignInWithGoogleOption.Builder optionBuilder = + new GetSignInWithGoogleOption.Builder(serverClientId); + if (nonce != null) { + optionBuilder.setNonce(nonce); } + requestBuilder.addCredentialOption(optionBuilder.build()); + } else { + GetCredentialRequestGoogleIdOptionParams optionParams = params.getGoogleIdOptionParams(); + GetGoogleIdOption.Builder optionBuilder = + new GetGoogleIdOption.Builder() + .setFilterByAuthorizedAccounts(optionParams.getFilterToAuthorized()) + .setAutoSelectEnabled(optionParams.getAutoSelectEnabled()) + .setServerClientId(serverClientId); + if (nonce != null) { + optionBuilder.setNonce(nonce); + } + requestBuilder.addCredentialOption(optionBuilder.build()); } - if (!isNullOrEmpty(serverClientId)) { - optionsBuilder.requestIdToken(serverClientId); - optionsBuilder.requestServerAuthCode( - serverClientId, params.getForceCodeForRefreshToken()); - } - requestedScopes = params.getScopes(); - for (String scope : requestedScopes) { - optionsBuilder.requestScopes(new Scope(scope)); - } - if (!isNullOrEmpty(params.getHostedDomain())) { - optionsBuilder.setHostedDomain(params.getHostedDomain()); - } - - String forceAccountName = params.getForceAccountName(); - if (!isNullOrEmpty(forceAccountName)) { - optionsBuilder.setAccountName(forceAccountName); - } - - signInClient = googleSignInWrapper.getClient(context, optionsBuilder.build()); - } catch (Exception e) { - throw new FlutterError(ERROR_REASON_EXCEPTION, e.getMessage(), null); - } - } - - /** - * Returns the account information for the user who is signed in to this app. If no user is - * signed in, tries to sign the user in without displaying any user interface. - */ - @Override - public void signInSilently(@NonNull Messages.Result result) { - checkAndSetPendingSignInOperation("signInSilently", result); - Task task = signInClient.silentSignIn(); - if (task.isComplete()) { - // There's immediate result available. - onSignInResult(task); - } else { - task.addOnCompleteListener(this::onSignInResult); - } - } - /** - * Signs the user in via the sign-in user interface, including the OAuth consent flow if scopes - * were requested. - */ - @Override - public void signIn(@NonNull Messages.Result result) { - if (getActivity() == null) { - throw new IllegalStateException("signIn needs a foreground activity"); - } - checkAndSetPendingSignInOperation("signIn", result); - - Intent signInIntent = signInClient.getSignInIntent(); - getActivity().startActivityForResult(signInIntent, REQUEST_CODE_SIGNIN); - } - - /** - * Signs the user out. Their credentials may remain valid, meaning they'll be able to silently - * sign back in. - */ - @Override - public void signOut(@NonNull Messages.VoidResult result) { - checkAndSetPendingVoidOperation("signOut", result); - - signInClient - .signOut() - .addOnCompleteListener( - task -> { - if (task.isSuccessful()) { - finishWithSuccess(); + CredentialManager credentialManager = credentialManagerFactory.create(context); + credentialManager.getCredentialAsync( + context, + requestBuilder.build(), + null, + Executors.newSingleThreadExecutor(), + new CredentialManagerCallback<>() { + @Override + public void onResult(GetCredentialResponse response) { + Credential credential = response.getCredential(); + if (credential instanceof CustomCredential + && credential + .getType() + .equals(GoogleIdTokenCredential.TYPE_GOOGLE_ID_TOKEN_CREDENTIAL)) { + GoogleIdTokenCredential googleIdTokenCredential = + credentialConverter.createFrom(credential); + Uri profilePictureUri = googleIdTokenCredential.getProfilePictureUri(); + ResultUtilsKt.completeWithGetGetCredentialResult( + callback, + new GetCredentialSuccess( + new PlatformGoogleIdTokenCredential( + googleIdTokenCredential.getDisplayName(), + googleIdTokenCredential.getFamilyName(), + googleIdTokenCredential.getGivenName(), + googleIdTokenCredential.getId(), + googleIdTokenCredential.getIdToken(), + profilePictureUri == null ? null : profilePictureUri.toString()))); } else { - finishWithError(ERROR_REASON_STATUS, "Failed to signout."); + ResultUtilsKt.completeWithGetCredentialFailure( + callback, + new GetCredentialFailure( + GetCredentialFailureType.UNEXPECTED_CREDENTIAL_TYPE, + "Unexpected credential type: " + credential, + null)); } - }); - } + } - /** Signs the user out, and revokes their credentials. */ - @Override - public void disconnect(@NonNull Messages.VoidResult result) { - checkAndSetPendingVoidOperation("disconnect", result); - - signInClient - .revokeAccess() - .addOnCompleteListener( - task -> { - if (task.isSuccessful()) { - finishWithSuccess(); + @Override + public void onError(@NonNull GetCredentialException e) { + GetCredentialFailureType type; + if (e instanceof GetCredentialCancellationException) { + type = GetCredentialFailureType.CANCELED; + } else if (e instanceof GetCredentialInterruptedException) { + type = GetCredentialFailureType.INTERRUPTED; + } else if (e instanceof GetCredentialProviderConfigurationException) { + type = GetCredentialFailureType.PROVIDER_CONFIGURATION_ISSUE; + } else if (e instanceof GetCredentialUnsupportedException) { + type = GetCredentialFailureType.UNSUPPORTED; + } else if (e instanceof NoCredentialException) { + type = GetCredentialFailureType.NO_CREDENTIAL; } else { - finishWithError(ERROR_REASON_STATUS, "Failed to disconnect."); + type = GetCredentialFailureType.UNKNOWN; } - }); - } - - /** Checks if there is a signed in user. */ - @NonNull - @Override - public Boolean isSignedIn() { - return GoogleSignIn.getLastSignedInAccount(context) != null; - } - - @Override - public void requestScopes( - @NonNull List scopes, @NonNull Messages.Result result) { - checkAndSetPendingBoolOperation("requestScopes", result); - - GoogleSignInAccount account = googleSignInWrapper.getLastSignedInAccount(context); - if (account == null) { - finishWithError(ERROR_REASON_SIGN_IN_REQUIRED, "No account to grant scopes."); - return; - } - - List wrappedScopes = new ArrayList<>(); - - for (String scope : scopes) { - Scope wrappedScope = new Scope(scope); - if (!googleSignInWrapper.hasPermissions(account, wrappedScope)) { - wrappedScopes.add(wrappedScope); - } - } - - if (wrappedScopes.isEmpty()) { - finishWithBoolean(true); - return; - } - - googleSignInWrapper.requestPermissions( - getActivity(), REQUEST_CODE_REQUEST_SCOPE, account, wrappedScopes.toArray(new Scope[0])); - } - - private void onSignInResult(Task completedTask) { - try { - GoogleSignInAccount account = completedTask.getResult(ApiException.class); - onSignInAccount(account); - } catch (ApiException e) { - // Forward all errors and let Dart decide how to handle. - String errorCode = errorCodeForStatus(e.getStatusCode()); - finishWithError(errorCode, e.toString()); - } catch (RuntimeExecutionException e) { - finishWithError(ERROR_REASON_EXCEPTION, e.toString()); - } - } - - private void onSignInAccount(GoogleSignInAccount account) { - final Messages.UserData.Builder builder = - new Messages.UserData.Builder() - // TODO(stuartmorgan): Test with games sign-in; according to docs these could be null - // as the games login request is currently constructed, but the public Dart API - // assumes they are non-null, so the sign-in query may need to change to - // include requestEmail() and requestProfile(). - .setEmail(account.getEmail()) - .setId(account.getId()) - .setIdToken(account.getIdToken()) - .setServerAuthCode(account.getServerAuthCode()) - .setDisplayName(account.getDisplayName()); - if (account.getPhotoUrl() != null) { - builder.setPhotoUrl(account.getPhotoUrl().toString()); - } - finishWithUserData(builder.build()); - } - - private String errorCodeForStatus(int statusCode) { - switch (statusCode) { - case GoogleSignInStatusCodes.SIGN_IN_CANCELLED: - return ERROR_REASON_SIGN_IN_CANCELED; - case CommonStatusCodes.SIGN_IN_REQUIRED: - return ERROR_REASON_SIGN_IN_REQUIRED; - case CommonStatusCodes.NETWORK_ERROR: - return ERROR_REASON_NETWORK_ERROR; - case GoogleSignInStatusCodes.SIGN_IN_CURRENTLY_IN_PROGRESS: - case GoogleSignInStatusCodes.SIGN_IN_FAILED: - case CommonStatusCodes.INVALID_ACCOUNT: - case CommonStatusCodes.INTERNAL_ERROR: - default: - return ERROR_REASON_SIGN_IN_FAILED; - } - } - - private void finishWithSuccess() { - Objects.requireNonNull(pendingOperation.voidResult).success(); - pendingOperation = null; - } - - private void finishWithBoolean(Boolean value) { - Objects.requireNonNull(pendingOperation.boolResult).success(value); - pendingOperation = null; - } - - private void finishWithUserData(Messages.UserData data) { - Objects.requireNonNull(pendingOperation.userDataResult).success(data); - pendingOperation = null; - } - - private void finishWithError(String errorCode, String errorMessage) { - if (pendingOperation.voidResult != null) { - Objects.requireNonNull(pendingOperation.voidResult) - .error(new FlutterError(errorCode, errorMessage, null)); - } else { - Messages.Result result; - if (pendingOperation.userDataResult != null) { - result = pendingOperation.userDataResult; - } else if (pendingOperation.boolResult != null) { - result = pendingOperation.boolResult; - } else { - result = pendingOperation.stringResult; - } - Objects.requireNonNull(result).error(new FlutterError(errorCode, errorMessage, null)); - } - pendingOperation = null; - } - - private static boolean isNullOrEmpty(@Nullable String s) { - return s == null || s.isEmpty(); - } - - private static class PendingOperation { - final @NonNull String method; - final @Nullable Messages.Result userDataResult; - final @Nullable Messages.VoidResult voidResult; - final @Nullable Messages.Result boolResult; - final @Nullable Messages.Result stringResult; - final @Nullable Object data; - - PendingOperation( - @NonNull String method, - @Nullable Messages.Result userDataResult, - @Nullable Messages.VoidResult voidResult, - @Nullable Messages.Result boolResult, - @Nullable Messages.Result stringResult, - @Nullable Object data) { - assert (userDataResult != null - || voidResult != null - || boolResult != null - || stringResult != null); - this.method = method; - this.userDataResult = userDataResult; - this.voidResult = voidResult; - this.boolResult = boolResult; - this.stringResult = stringResult; - this.data = data; + // Errors are reported through the return value as structured data, rather than + // a Result error's PlatformException. + ResultUtilsKt.completeWithGetCredentialFailure( + callback, new GetCredentialFailure(type, e.getMessage(), null)); + } + }); + } catch (RuntimeException e) { + ResultUtilsKt.completeWithGetCredentialFailure( + callback, + new GetCredentialFailure( + GetCredentialFailureType.UNKNOWN, + e.getMessage(), + "Cause: " + e.getCause() + ", Stacktrace: " + Log.getStackTraceString(e))); } } - /** - * Clears the token kept in the client side cache. - * - *

Runs on a background task queue. - */ @Override - public void clearAuthCache(@NonNull String token) { - try { - GoogleAuthUtil.clearToken(context, token); - } catch (Exception e) { - throw new FlutterError(ERROR_REASON_EXCEPTION, e.getMessage(), null); - } + public void clearCredentialState(@NonNull Function1, Unit> callback) { + CredentialManager credentialManager = credentialManagerFactory.create(context); + credentialManager.clearCredentialStateAsync( + new ClearCredentialStateRequest(), + null, + Executors.newSingleThreadExecutor(), + new CredentialManagerCallback<>() { + @Override + public void onResult(Void result) { + ResultUtilsKt.completeWithClearCredentialStateSuccess(callback); + } + + @Override + public void onError(@NonNull ClearCredentialException e) { + ResultUtilsKt.completeWithClearCredentialStateError( + callback, new FlutterError("Clear Failed", e.getMessage(), null)); + } + }); } - /** - * Gets an OAuth access token with the scopes that were specified during initialization for the - * user with the specified email address. - * - *

Runs on a background task queue. - * - *

If shouldRecoverAuth is set to true and user needs to recover authentication for method to - * complete, the method will attempt to recover authentication and rerun method. - */ @Override - public void getAccessToken( - @NonNull String email, - @NonNull Boolean shouldRecoverAuth, - @NonNull Messages.Result result) { + public void authorize( + @NonNull PlatformAuthorizationRequest params, + boolean promptIfUnauthorized, + @NonNull Function1, Unit> callback) { try { - Account account = new Account(email, "com.google"); - String scopesStr = "oauth2:" + String.join(" ", requestedScopes); - String token = GoogleAuthUtil.getToken(context, account, scopesStr); - result.success(token); - } catch (UserRecoverableAuthException e) { - // This method runs in a background task queue; hop to the main thread for interactions with - // plugin state and activities. - final Handler handler = new Handler(Looper.getMainLooper()); - handler.post( - () -> { - if (shouldRecoverAuth && pendingOperation == null) { - Activity activity = getActivity(); - if (activity == null) { - result.error( - new FlutterError( - ERROR_USER_RECOVERABLE_AUTH, - "Cannot recover auth because app is not in foreground. " - + e.getLocalizedMessage(), - null)); - } else { - checkAndSetPendingAccessTokenOperation("getTokens", result, email); - Intent recoveryIntent = e.getIntent(); - activity.startActivityForResult(recoveryIntent, REQUEST_CODE_RECOVER_AUTH); - } - } else { - result.error( - new FlutterError(ERROR_USER_RECOVERABLE_AUTH, e.getLocalizedMessage(), null)); - } - }); - } catch (Exception e) { - result.error(new FlutterError(ERROR_REASON_EXCEPTION, e.getMessage(), null)); + List requestedScopes = new ArrayList<>(); + for (String scope : params.getScopes()) { + requestedScopes.add(new Scope(scope)); + } + AuthorizationRequest.Builder authorizationRequestBuilder = + AuthorizationRequest.builder().setRequestedScopes(requestedScopes); + if (params.getHostedDomain() != null) { + authorizationRequestBuilder.filterByHostedDomain(params.getHostedDomain()); + } + if (params.getServerClientIdForForcedRefreshToken() != null) { + authorizationRequestBuilder.requestOfflineAccess( + params.getServerClientIdForForcedRefreshToken(), true); + } + if (params.getAccountEmail() != null) { + authorizationRequestBuilder.setAccount( + new Account(params.getAccountEmail(), "com.google")); + } + AuthorizationRequest authorizationRequest = authorizationRequestBuilder.build(); + authorizationClientFactory + .create(context) + .authorize(authorizationRequest) + .addOnSuccessListener( + authorizationResult -> { + if (authorizationResult.hasResolution()) { + if (promptIfUnauthorized) { + Activity activity = getActivity(); + if (activity == null) { + ResultUtilsKt.completeWithAuthorizeFailure( + callback, + new AuthorizeFailure( + AuthorizeFailureType.NO_ACTIVITY, "No activity available", null)); + return; + } + // Prompt for access. `callback` will be resolved in onActivityResult. + // There must be a pending intent if hasResolution() was true. + PendingIntent pendingIntent = + Objects.requireNonNull(authorizationResult.getPendingIntent()); + try { + pendingAuthorizationCallback = callback; + activity.startIntentSenderForResult( + pendingIntent.getIntentSender(), + REQUEST_CODE_AUTHORIZE, + /* fillInIntent */ null, + /* flagsMask */ 0, + /* flagsValue */ 0, + /* extraFlags */ 0, + /* options */ null); + } catch (IntentSender.SendIntentException e) { + pendingAuthorizationCallback = null; + ResultUtilsKt.completeWithAuthorizeFailure( + callback, + new AuthorizeFailure( + AuthorizeFailureType.PENDING_INTENT_EXCEPTION, + e.getMessage(), + null)); + } + } else { + ResultUtilsKt.completeWithAuthorizeFailure( + callback, + new AuthorizeFailure(AuthorizeFailureType.UNAUTHORIZED, null, null)); + } + } else { + ResultUtilsKt.completeWithAuthorizationResult( + callback, + new PlatformAuthorizationResult( + authorizationResult.getAccessToken(), + authorizationResult.getServerAuthCode(), + authorizationResult.getGrantedScopes())); + } + }) + .addOnFailureListener( + e -> + ResultUtilsKt.completeWithAuthorizeFailure( + callback, + new AuthorizeFailure( + AuthorizeFailureType.AUTHORIZE_FAILURE, e.getMessage(), null))); + } catch (RuntimeException e) { + ResultUtilsKt.completeWithAuthorizeFailure( + callback, + new AuthorizeFailure( + AuthorizeFailureType.API_EXCEPTION, + e.getMessage(), + "Cause: " + e.getCause() + ", Stacktrace: " + Log.getStackTraceString(e))); } } @Override public boolean onActivityResult(int requestCode, int resultCode, @Nullable Intent data) { - if (pendingOperation == null) { - return false; - } - switch (requestCode) { - case REQUEST_CODE_RECOVER_AUTH: - if (resultCode == Activity.RESULT_OK) { - // Recover the previous result and data and attempt to get tokens again. - Messages.Result result = Objects.requireNonNull(pendingOperation.stringResult); - String email = (String) Objects.requireNonNull(pendingOperation.data); - pendingOperation = null; - getAccessToken(email, false, result); - } else { - finishWithError( - ERROR_FAILURE_TO_RECOVER_AUTH, "Failed attempt to recover authentication"); + if (requestCode == REQUEST_CODE_AUTHORIZE) { + if (pendingAuthorizationCallback != null) { + try { + AuthorizationResult authorizationResult = + authorizationClientFactory.create(context).getAuthorizationResultFromIntent(data); + ResultUtilsKt.completeWithAuthorizationResult( + pendingAuthorizationCallback, + new PlatformAuthorizationResult( + authorizationResult.getAccessToken(), + authorizationResult.getServerAuthCode(), + authorizationResult.getGrantedScopes())); + return true; + } catch (ApiException e) { + ResultUtilsKt.completeWithAuthorizeFailure( + pendingAuthorizationCallback, + new AuthorizeFailure(AuthorizeFailureType.API_EXCEPTION, e.getMessage(), null)); } - return true; - case REQUEST_CODE_SIGNIN: - // Whether resultCode is OK or not, the Task returned by GoogleSigIn will determine - // failure with better specifics which are extracted in onSignInResult method. - if (data != null) { - onSignInResult(GoogleSignIn.getSignedInAccountFromIntent(data)); - } else { - // data is null which is highly unusual for a sign in result. - finishWithError(ERROR_REASON_SIGN_IN_FAILED, "Signin failed"); - } - return true; - case REQUEST_CODE_REQUEST_SCOPE: - finishWithBoolean(resultCode == Activity.RESULT_OK); - return true; - default: - return false; + pendingAuthorizationCallback = null; + } else { + Log.e("google_sign_in", "Unexpected authorization result callback"); + } } + return false; } } } diff --git a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInWrapper.java b/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInWrapper.java deleted file mode 100644 index c035329f8e9..00000000000 --- a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInWrapper.java +++ /dev/null @@ -1,42 +0,0 @@ -// Copyright 2013 The Flutter Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -package io.flutter.plugins.googlesignin; - -import android.app.Activity; -import android.content.Context; -import com.google.android.gms.auth.api.signin.GoogleSignIn; -import com.google.android.gms.auth.api.signin.GoogleSignInAccount; -import com.google.android.gms.auth.api.signin.GoogleSignInClient; -import com.google.android.gms.auth.api.signin.GoogleSignInOptions; -import com.google.android.gms.common.api.Scope; - -/** - * A wrapper object that calls static method in GoogleSignIn. - * - *

Because GoogleSignIn uses static method mostly, which is hard for unit testing. We use this - * wrapper class to use instance method which calls the corresponding GoogleSignIn static methods. - * - *

Warning! This class should stay true that each method calls a GoogleSignIn static method with - * the same name and same parameters. - */ -public class GoogleSignInWrapper { - - GoogleSignInClient getClient(Context context, GoogleSignInOptions options) { - return GoogleSignIn.getClient(context, options); - } - - GoogleSignInAccount getLastSignedInAccount(Context context) { - return GoogleSignIn.getLastSignedInAccount(context); - } - - boolean hasPermissions(GoogleSignInAccount account, Scope scope) { - return GoogleSignIn.hasPermissions(account, scope); - } - - void requestPermissions( - Activity activity, int requestCode, GoogleSignInAccount account, Scope[] scopes) { - GoogleSignIn.requestPermissions(activity, requestCode, account, scopes); - } -} diff --git a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/Messages.java b/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/Messages.java deleted file mode 100644 index 56adfecf16a..00000000000 --- a/packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/Messages.java +++ /dev/null @@ -1,874 +0,0 @@ -// Copyright 2013 The Flutter Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// Autogenerated from Pigeon (v24.2.0), do not edit directly. -// See also: https://pub.dev/packages/pigeon - -package io.flutter.plugins.googlesignin; - -import static java.lang.annotation.ElementType.METHOD; -import static java.lang.annotation.RetentionPolicy.CLASS; - -import android.util.Log; -import androidx.annotation.NonNull; -import androidx.annotation.Nullable; -import io.flutter.plugin.common.BasicMessageChannel; -import io.flutter.plugin.common.BinaryMessenger; -import io.flutter.plugin.common.MessageCodec; -import io.flutter.plugin.common.StandardMessageCodec; -import java.io.ByteArrayOutputStream; -import java.lang.annotation.Retention; -import java.lang.annotation.Target; -import java.nio.ByteBuffer; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -/** Generated class from Pigeon. */ -@SuppressWarnings({"unused", "unchecked", "CodeBlock2Expr", "RedundantSuppression", "serial"}) -public class Messages { - - /** Error class for passing custom error details to Flutter via a thrown PlatformException. */ - public static class FlutterError extends RuntimeException { - - /** The error code. */ - public final String code; - - /** The error details. Must be a datatype supported by the api codec. */ - public final Object details; - - public FlutterError(@NonNull String code, @Nullable String message, @Nullable Object details) { - super(message); - this.code = code; - this.details = details; - } - } - - @NonNull - protected static ArrayList wrapError(@NonNull Throwable exception) { - ArrayList errorList = new ArrayList<>(3); - if (exception instanceof FlutterError) { - FlutterError error = (FlutterError) exception; - errorList.add(error.code); - errorList.add(error.getMessage()); - errorList.add(error.details); - } else { - errorList.add(exception.toString()); - errorList.add(exception.getClass().getSimpleName()); - errorList.add( - "Cause: " + exception.getCause() + ", Stacktrace: " + Log.getStackTraceString(exception)); - } - return errorList; - } - - @Target(METHOD) - @Retention(CLASS) - @interface CanIgnoreReturnValue {} - - /** Pigeon version of SignInOption. */ - public enum SignInType { - /** Default configuration. */ - STANDARD(0), - /** Recommended configuration for game sign in. */ - GAMES(1); - - final int index; - - SignInType(final int index) { - this.index = index; - } - } - - /** - * Pigeon version of SignInInitParams. - * - *

See SignInInitParams for details. - * - *

Generated class from Pigeon that represents data sent in messages. - */ - public static final class InitParams { - private @NonNull List scopes; - - public @NonNull List getScopes() { - return scopes; - } - - public void setScopes(@NonNull List setterArg) { - if (setterArg == null) { - throw new IllegalStateException("Nonnull field \"scopes\" is null."); - } - this.scopes = setterArg; - } - - private @NonNull SignInType signInType; - - public @NonNull SignInType getSignInType() { - return signInType; - } - - public void setSignInType(@NonNull SignInType setterArg) { - if (setterArg == null) { - throw new IllegalStateException("Nonnull field \"signInType\" is null."); - } - this.signInType = setterArg; - } - - private @Nullable String hostedDomain; - - public @Nullable String getHostedDomain() { - return hostedDomain; - } - - public void setHostedDomain(@Nullable String setterArg) { - this.hostedDomain = setterArg; - } - - private @Nullable String clientId; - - public @Nullable String getClientId() { - return clientId; - } - - public void setClientId(@Nullable String setterArg) { - this.clientId = setterArg; - } - - private @Nullable String serverClientId; - - public @Nullable String getServerClientId() { - return serverClientId; - } - - public void setServerClientId(@Nullable String setterArg) { - this.serverClientId = setterArg; - } - - private @NonNull Boolean forceCodeForRefreshToken; - - public @NonNull Boolean getForceCodeForRefreshToken() { - return forceCodeForRefreshToken; - } - - public void setForceCodeForRefreshToken(@NonNull Boolean setterArg) { - if (setterArg == null) { - throw new IllegalStateException("Nonnull field \"forceCodeForRefreshToken\" is null."); - } - this.forceCodeForRefreshToken = setterArg; - } - - private @Nullable String forceAccountName; - - public @Nullable String getForceAccountName() { - return forceAccountName; - } - - public void setForceAccountName(@Nullable String setterArg) { - this.forceAccountName = setterArg; - } - - /** Constructor is non-public to enforce null safety; use Builder. */ - InitParams() {} - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - InitParams that = (InitParams) o; - return scopes.equals(that.scopes) - && signInType.equals(that.signInType) - && Objects.equals(hostedDomain, that.hostedDomain) - && Objects.equals(clientId, that.clientId) - && Objects.equals(serverClientId, that.serverClientId) - && forceCodeForRefreshToken.equals(that.forceCodeForRefreshToken) - && Objects.equals(forceAccountName, that.forceAccountName); - } - - @Override - public int hashCode() { - return Objects.hash( - scopes, - signInType, - hostedDomain, - clientId, - serverClientId, - forceCodeForRefreshToken, - forceAccountName); - } - - public static final class Builder { - - private @Nullable List scopes; - - @CanIgnoreReturnValue - public @NonNull Builder setScopes(@NonNull List setterArg) { - this.scopes = setterArg; - return this; - } - - private @Nullable SignInType signInType; - - @CanIgnoreReturnValue - public @NonNull Builder setSignInType(@NonNull SignInType setterArg) { - this.signInType = setterArg; - return this; - } - - private @Nullable String hostedDomain; - - @CanIgnoreReturnValue - public @NonNull Builder setHostedDomain(@Nullable String setterArg) { - this.hostedDomain = setterArg; - return this; - } - - private @Nullable String clientId; - - @CanIgnoreReturnValue - public @NonNull Builder setClientId(@Nullable String setterArg) { - this.clientId = setterArg; - return this; - } - - private @Nullable String serverClientId; - - @CanIgnoreReturnValue - public @NonNull Builder setServerClientId(@Nullable String setterArg) { - this.serverClientId = setterArg; - return this; - } - - private @Nullable Boolean forceCodeForRefreshToken; - - @CanIgnoreReturnValue - public @NonNull Builder setForceCodeForRefreshToken(@NonNull Boolean setterArg) { - this.forceCodeForRefreshToken = setterArg; - return this; - } - - private @Nullable String forceAccountName; - - @CanIgnoreReturnValue - public @NonNull Builder setForceAccountName(@Nullable String setterArg) { - this.forceAccountName = setterArg; - return this; - } - - public @NonNull InitParams build() { - InitParams pigeonReturn = new InitParams(); - pigeonReturn.setScopes(scopes); - pigeonReturn.setSignInType(signInType); - pigeonReturn.setHostedDomain(hostedDomain); - pigeonReturn.setClientId(clientId); - pigeonReturn.setServerClientId(serverClientId); - pigeonReturn.setForceCodeForRefreshToken(forceCodeForRefreshToken); - pigeonReturn.setForceAccountName(forceAccountName); - return pigeonReturn; - } - } - - @NonNull - ArrayList toList() { - ArrayList toListResult = new ArrayList<>(7); - toListResult.add(scopes); - toListResult.add(signInType); - toListResult.add(hostedDomain); - toListResult.add(clientId); - toListResult.add(serverClientId); - toListResult.add(forceCodeForRefreshToken); - toListResult.add(forceAccountName); - return toListResult; - } - - static @NonNull InitParams fromList(@NonNull ArrayList pigeonVar_list) { - InitParams pigeonResult = new InitParams(); - Object scopes = pigeonVar_list.get(0); - pigeonResult.setScopes((List) scopes); - Object signInType = pigeonVar_list.get(1); - pigeonResult.setSignInType((SignInType) signInType); - Object hostedDomain = pigeonVar_list.get(2); - pigeonResult.setHostedDomain((String) hostedDomain); - Object clientId = pigeonVar_list.get(3); - pigeonResult.setClientId((String) clientId); - Object serverClientId = pigeonVar_list.get(4); - pigeonResult.setServerClientId((String) serverClientId); - Object forceCodeForRefreshToken = pigeonVar_list.get(5); - pigeonResult.setForceCodeForRefreshToken((Boolean) forceCodeForRefreshToken); - Object forceAccountName = pigeonVar_list.get(6); - pigeonResult.setForceAccountName((String) forceAccountName); - return pigeonResult; - } - } - - /** - * Pigeon version of GoogleSignInUserData. - * - *

See GoogleSignInUserData for details. - * - *

Generated class from Pigeon that represents data sent in messages. - */ - public static final class UserData { - private @Nullable String displayName; - - public @Nullable String getDisplayName() { - return displayName; - } - - public void setDisplayName(@Nullable String setterArg) { - this.displayName = setterArg; - } - - private @NonNull String email; - - public @NonNull String getEmail() { - return email; - } - - public void setEmail(@NonNull String setterArg) { - if (setterArg == null) { - throw new IllegalStateException("Nonnull field \"email\" is null."); - } - this.email = setterArg; - } - - private @NonNull String id; - - public @NonNull String getId() { - return id; - } - - public void setId(@NonNull String setterArg) { - if (setterArg == null) { - throw new IllegalStateException("Nonnull field \"id\" is null."); - } - this.id = setterArg; - } - - private @Nullable String photoUrl; - - public @Nullable String getPhotoUrl() { - return photoUrl; - } - - public void setPhotoUrl(@Nullable String setterArg) { - this.photoUrl = setterArg; - } - - private @Nullable String idToken; - - public @Nullable String getIdToken() { - return idToken; - } - - public void setIdToken(@Nullable String setterArg) { - this.idToken = setterArg; - } - - private @Nullable String serverAuthCode; - - public @Nullable String getServerAuthCode() { - return serverAuthCode; - } - - public void setServerAuthCode(@Nullable String setterArg) { - this.serverAuthCode = setterArg; - } - - /** Constructor is non-public to enforce null safety; use Builder. */ - UserData() {} - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - UserData that = (UserData) o; - return Objects.equals(displayName, that.displayName) - && email.equals(that.email) - && id.equals(that.id) - && Objects.equals(photoUrl, that.photoUrl) - && Objects.equals(idToken, that.idToken) - && Objects.equals(serverAuthCode, that.serverAuthCode); - } - - @Override - public int hashCode() { - return Objects.hash(displayName, email, id, photoUrl, idToken, serverAuthCode); - } - - public static final class Builder { - - private @Nullable String displayName; - - @CanIgnoreReturnValue - public @NonNull Builder setDisplayName(@Nullable String setterArg) { - this.displayName = setterArg; - return this; - } - - private @Nullable String email; - - @CanIgnoreReturnValue - public @NonNull Builder setEmail(@NonNull String setterArg) { - this.email = setterArg; - return this; - } - - private @Nullable String id; - - @CanIgnoreReturnValue - public @NonNull Builder setId(@NonNull String setterArg) { - this.id = setterArg; - return this; - } - - private @Nullable String photoUrl; - - @CanIgnoreReturnValue - public @NonNull Builder setPhotoUrl(@Nullable String setterArg) { - this.photoUrl = setterArg; - return this; - } - - private @Nullable String idToken; - - @CanIgnoreReturnValue - public @NonNull Builder setIdToken(@Nullable String setterArg) { - this.idToken = setterArg; - return this; - } - - private @Nullable String serverAuthCode; - - @CanIgnoreReturnValue - public @NonNull Builder setServerAuthCode(@Nullable String setterArg) { - this.serverAuthCode = setterArg; - return this; - } - - public @NonNull UserData build() { - UserData pigeonReturn = new UserData(); - pigeonReturn.setDisplayName(displayName); - pigeonReturn.setEmail(email); - pigeonReturn.setId(id); - pigeonReturn.setPhotoUrl(photoUrl); - pigeonReturn.setIdToken(idToken); - pigeonReturn.setServerAuthCode(serverAuthCode); - return pigeonReturn; - } - } - - @NonNull - ArrayList toList() { - ArrayList toListResult = new ArrayList<>(6); - toListResult.add(displayName); - toListResult.add(email); - toListResult.add(id); - toListResult.add(photoUrl); - toListResult.add(idToken); - toListResult.add(serverAuthCode); - return toListResult; - } - - static @NonNull UserData fromList(@NonNull ArrayList pigeonVar_list) { - UserData pigeonResult = new UserData(); - Object displayName = pigeonVar_list.get(0); - pigeonResult.setDisplayName((String) displayName); - Object email = pigeonVar_list.get(1); - pigeonResult.setEmail((String) email); - Object id = pigeonVar_list.get(2); - pigeonResult.setId((String) id); - Object photoUrl = pigeonVar_list.get(3); - pigeonResult.setPhotoUrl((String) photoUrl); - Object idToken = pigeonVar_list.get(4); - pigeonResult.setIdToken((String) idToken); - Object serverAuthCode = pigeonVar_list.get(5); - pigeonResult.setServerAuthCode((String) serverAuthCode); - return pigeonResult; - } - } - - private static class PigeonCodec extends StandardMessageCodec { - public static final PigeonCodec INSTANCE = new PigeonCodec(); - - private PigeonCodec() {} - - @Override - protected Object readValueOfType(byte type, @NonNull ByteBuffer buffer) { - switch (type) { - case (byte) 129: - { - Object value = readValue(buffer); - return value == null ? null : SignInType.values()[((Long) value).intValue()]; - } - case (byte) 130: - return InitParams.fromList((ArrayList) readValue(buffer)); - case (byte) 131: - return UserData.fromList((ArrayList) readValue(buffer)); - default: - return super.readValueOfType(type, buffer); - } - } - - @Override - protected void writeValue(@NonNull ByteArrayOutputStream stream, Object value) { - if (value instanceof SignInType) { - stream.write(129); - writeValue(stream, value == null ? null : ((SignInType) value).index); - } else if (value instanceof InitParams) { - stream.write(130); - writeValue(stream, ((InitParams) value).toList()); - } else if (value instanceof UserData) { - stream.write(131); - writeValue(stream, ((UserData) value).toList()); - } else { - super.writeValue(stream, value); - } - } - } - - /** Asynchronous error handling return type for non-nullable API method returns. */ - public interface Result { - /** Success case callback method for handling returns. */ - void success(@NonNull T result); - - /** Failure case callback method for handling errors. */ - void error(@NonNull Throwable error); - } - - /** Asynchronous error handling return type for nullable API method returns. */ - public interface NullableResult { - /** Success case callback method for handling returns. */ - void success(@Nullable T result); - - /** Failure case callback method for handling errors. */ - void error(@NonNull Throwable error); - } - - /** Asynchronous error handling return type for void API method returns. */ - public interface VoidResult { - /** Success case callback method for handling returns. */ - void success(); - - /** Failure case callback method for handling errors. */ - void error(@NonNull Throwable error); - } - - /** Generated interface from Pigeon that represents a handler of messages from Flutter. */ - public interface GoogleSignInApi { - /** Initializes a sign in request with the given parameters. */ - void init(@NonNull InitParams params); - - /** Starts a silent sign in. */ - void signInSilently(@NonNull Result result); - - /** Starts a sign in with user interaction. */ - void signIn(@NonNull Result result); - - /** Requests the access token for the current sign in. */ - void getAccessToken( - @NonNull String email, @NonNull Boolean shouldRecoverAuth, @NonNull Result result); - - /** Signs out the current user. */ - void signOut(@NonNull VoidResult result); - - /** Revokes scope grants to the application. */ - void disconnect(@NonNull VoidResult result); - - /** Returns whether the user is currently signed in. */ - @NonNull - Boolean isSignedIn(); - - /** Clears the authentication caching for the given token, requiring a new sign in. */ - void clearAuthCache(@NonNull String token); - - /** Requests access to the given scopes. */ - void requestScopes(@NonNull List scopes, @NonNull Result result); - - /** The codec used by GoogleSignInApi. */ - static @NonNull MessageCodec getCodec() { - return PigeonCodec.INSTANCE; - } - - /** - * Sets up an instance of `GoogleSignInApi` to handle messages through the `binaryMessenger`. - */ - static void setUp(@NonNull BinaryMessenger binaryMessenger, @Nullable GoogleSignInApi api) { - setUp(binaryMessenger, "", api); - } - - static void setUp( - @NonNull BinaryMessenger binaryMessenger, - @NonNull String messageChannelSuffix, - @Nullable GoogleSignInApi api) { - messageChannelSuffix = messageChannelSuffix.isEmpty() ? "" : "." + messageChannelSuffix; - BinaryMessenger.TaskQueue taskQueue = binaryMessenger.makeBackgroundTaskQueue(); - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.init" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - ArrayList args = (ArrayList) message; - InitParams paramsArg = (InitParams) args.get(0); - try { - api.init(paramsArg); - wrapped.add(0, null); - } catch (Throwable exception) { - wrapped = wrapError(exception); - } - reply.reply(wrapped); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signInSilently" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - Result resultCallback = - new Result() { - public void success(UserData result) { - wrapped.add(0, result); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.signInSilently(resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signIn" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - Result resultCallback = - new Result() { - public void success(UserData result) { - wrapped.add(0, result); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.signIn(resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getAccessToken" - + messageChannelSuffix, - getCodec(), - taskQueue); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - ArrayList args = (ArrayList) message; - String emailArg = (String) args.get(0); - Boolean shouldRecoverAuthArg = (Boolean) args.get(1); - Result resultCallback = - new Result() { - public void success(String result) { - wrapped.add(0, result); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.getAccessToken(emailArg, shouldRecoverAuthArg, resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signOut" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - VoidResult resultCallback = - new VoidResult() { - public void success() { - wrapped.add(0, null); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.signOut(resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.disconnect" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - VoidResult resultCallback = - new VoidResult() { - public void success() { - wrapped.add(0, null); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.disconnect(resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.isSignedIn" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - try { - Boolean output = api.isSignedIn(); - wrapped.add(0, output); - } catch (Throwable exception) { - wrapped = wrapError(exception); - } - reply.reply(wrapped); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.clearAuthCache" - + messageChannelSuffix, - getCodec(), - taskQueue); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - ArrayList args = (ArrayList) message; - String tokenArg = (String) args.get(0); - try { - api.clearAuthCache(tokenArg); - wrapped.add(0, null); - } catch (Throwable exception) { - wrapped = wrapError(exception); - } - reply.reply(wrapped); - }); - } else { - channel.setMessageHandler(null); - } - } - { - BasicMessageChannel channel = - new BasicMessageChannel<>( - binaryMessenger, - "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.requestScopes" - + messageChannelSuffix, - getCodec()); - if (api != null) { - channel.setMessageHandler( - (message, reply) -> { - ArrayList wrapped = new ArrayList<>(); - ArrayList args = (ArrayList) message; - List scopesArg = (List) args.get(0); - Result resultCallback = - new Result() { - public void success(Boolean result) { - wrapped.add(0, result); - reply.reply(wrapped); - } - - public void error(Throwable error) { - ArrayList wrappedError = wrapError(error); - reply.reply(wrappedError); - } - }; - - api.requestScopes(scopesArg, resultCallback); - }); - } else { - channel.setMessageHandler(null); - } - } - } - } -} diff --git a/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/Messages.kt b/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/Messages.kt new file mode 100644 index 00000000000..783063d22f7 --- /dev/null +++ b/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/Messages.kt @@ -0,0 +1,588 @@ +// Copyright 2013 The Flutter Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// Autogenerated from Pigeon (v24.2.2), do not edit directly. +// See also: https://pub.dev/packages/pigeon +@file:Suppress("UNCHECKED_CAST", "ArrayInDataClass") + +package io.flutter.plugins.googlesignin + +import android.util.Log +import io.flutter.plugin.common.BasicMessageChannel +import io.flutter.plugin.common.BinaryMessenger +import io.flutter.plugin.common.MessageCodec +import io.flutter.plugin.common.StandardMessageCodec +import java.io.ByteArrayOutputStream +import java.nio.ByteBuffer + +private fun wrapResult(result: Any?): List { + return listOf(result) +} + +private fun wrapError(exception: Throwable): List { + return if (exception is FlutterError) { + listOf(exception.code, exception.message, exception.details) + } else { + listOf( + exception.javaClass.simpleName, + exception.toString(), + "Cause: " + exception.cause + ", Stacktrace: " + Log.getStackTraceString(exception)) + } +} + +/** + * Error class for passing custom error details to Flutter via a thrown PlatformException. + * + * @property code The error code. + * @property message The error message. + * @property details The error details. Must be a datatype supported by the api codec. + */ +class FlutterError( + val code: String, + override val message: String? = null, + val details: Any? = null +) : Throwable() + +enum class GetCredentialFailureType(val raw: Int) { + /** Indicates that a credential was returned, but it was not of the expected type. */ + UNEXPECTED_CREDENTIAL_TYPE(0), + /** Indicates that a server client ID was not provided. */ + MISSING_SERVER_CLIENT_ID(1), + /** The request was internally interrupted. */ + INTERRUPTED(2), + /** The request was canceled by the user. */ + CANCELED(3), + /** No matching credential was found. */ + NO_CREDENTIAL(4), + /** The provider was not properly configured. */ + PROVIDER_CONFIGURATION_ISSUE(5), + /** The credential manager is not supported on this device. */ + UNSUPPORTED(6), + /** The request failed for an unknown reason. */ + UNKNOWN(7); + + companion object { + fun ofRaw(raw: Int): GetCredentialFailureType? { + return values().firstOrNull { it.raw == raw } + } + } +} + +enum class AuthorizeFailureType(val raw: Int) { + /** + * Indicates that the requested types are not currently authorized. + * + * This is returned only if promptIfUnauthorized is false, indicating that the user would need to + * be prompted for authorization. + */ + UNAUTHORIZED(0), + /** Indicates that the call to AuthorizationClient.authorize itself failed. */ + AUTHORIZE_FAILURE(1), + /** + * Corresponds to SendIntentException, indicating that the pending intent is no longer available. + */ + PENDING_INTENT_EXCEPTION(2), + /** + * Corresponds to an SendIntentException in onActivityResult, indicating that either authorization + * failed, or the result was not available for some reason. + */ + API_EXCEPTION(3), + /** + * Indicates that the user needs to be prompted for authorization, but there is no current + * activity to prompt in. + */ + NO_ACTIVITY(4); + + companion object { + fun ofRaw(raw: Int): AuthorizeFailureType? { + return values().firstOrNull { it.raw == raw } + } + } +} + +/** + * The information necessary to build a an authorization request. + * + * Corresponds to the native AuthorizationRequest object, but only contains the fields used by this + * plugin. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class PlatformAuthorizationRequest( + val scopes: List, + val hostedDomain: String? = null, + val accountEmail: String? = null, + /** If set, adds a call to requestOfflineAccess(this string, true); */ + val serverClientIdForForcedRefreshToken: String? = null +) { + companion object { + fun fromList(pigeonVar_list: List): PlatformAuthorizationRequest { + val scopes = pigeonVar_list[0] as List + val hostedDomain = pigeonVar_list[1] as String? + val accountEmail = pigeonVar_list[2] as String? + val serverClientIdForForcedRefreshToken = pigeonVar_list[3] as String? + return PlatformAuthorizationRequest( + scopes, hostedDomain, accountEmail, serverClientIdForForcedRefreshToken) + } + } + + fun toList(): List { + return listOf( + scopes, + hostedDomain, + accountEmail, + serverClientIdForForcedRefreshToken, + ) + } +} + +/** + * The information necessary to build a credential request. + * + * Combines the parts of the native GetCredentialRequest and CredentialOption classes that are used + * for this plugin. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class GetCredentialRequestParams( + /** + * Whether to use the Sign in with Google button flow (GetSignInWithGoogleOption), corresponding + * to an explicit sign-in request, or not (GetGoogleIdOption), corresponding to an implicit + * potential sign-in. + */ + val useButtonFlow: Boolean, + /** + * Parameters specific to GetGoogleIdOption. + * + * Ignored if useButtonFlow is true. + */ + val googleIdOptionParams: GetCredentialRequestGoogleIdOptionParams, + val serverClientId: String? = null, + val nonce: String? = null +) { + companion object { + fun fromList(pigeonVar_list: List): GetCredentialRequestParams { + val useButtonFlow = pigeonVar_list[0] as Boolean + val googleIdOptionParams = pigeonVar_list[1] as GetCredentialRequestGoogleIdOptionParams + val serverClientId = pigeonVar_list[2] as String? + val nonce = pigeonVar_list[3] as String? + return GetCredentialRequestParams(useButtonFlow, googleIdOptionParams, serverClientId, nonce) + } + } + + fun toList(): List { + return listOf( + useButtonFlow, + googleIdOptionParams, + serverClientId, + nonce, + ) + } +} + +/** Generated class from Pigeon that represents data sent in messages. */ +data class GetCredentialRequestGoogleIdOptionParams( + val filterToAuthorized: Boolean, + val autoSelectEnabled: Boolean +) { + companion object { + fun fromList(pigeonVar_list: List): GetCredentialRequestGoogleIdOptionParams { + val filterToAuthorized = pigeonVar_list[0] as Boolean + val autoSelectEnabled = pigeonVar_list[1] as Boolean + return GetCredentialRequestGoogleIdOptionParams(filterToAuthorized, autoSelectEnabled) + } + } + + fun toList(): List { + return listOf( + filterToAuthorized, + autoSelectEnabled, + ) + } +} + +/** + * Pigeon equivalent of the native GoogleIdTokenCredential. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class PlatformGoogleIdTokenCredential( + val displayName: String? = null, + val familyName: String? = null, + val givenName: String? = null, + val id: String, + val idToken: String, + val profilePictureUri: String? = null +) { + companion object { + fun fromList(pigeonVar_list: List): PlatformGoogleIdTokenCredential { + val displayName = pigeonVar_list[0] as String? + val familyName = pigeonVar_list[1] as String? + val givenName = pigeonVar_list[2] as String? + val id = pigeonVar_list[3] as String + val idToken = pigeonVar_list[4] as String + val profilePictureUri = pigeonVar_list[5] as String? + return PlatformGoogleIdTokenCredential( + displayName, familyName, givenName, id, idToken, profilePictureUri) + } + } + + fun toList(): List { + return listOf( + displayName, + familyName, + givenName, + id, + idToken, + profilePictureUri, + ) + } +} + +/** + * The response from a `getCredential` call. + * + * This is not the same as a native GetCredentialResponse since modeling the response type hierarchy + * and two-part callback in this interface layer would add a lot of complexity that is not needed + * for the plugin's use case. It is instead a processed version of the results of those callbacks. + * + * Generated class from Pigeon that represents data sent in messages. This class should not be + * extended by any user class outside of the generated file. + */ +sealed class GetCredentialResult +/** + * An authentication failure. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class GetCredentialFailure( + /** The type of failure. */ + val type: GetCredentialFailureType, + /** The message associated with the failure, if any. */ + val message: String? = null, + /** Extra details about the failure, if any. */ + val details: String? = null +) : GetCredentialResult() { + companion object { + fun fromList(pigeonVar_list: List): GetCredentialFailure { + val type = pigeonVar_list[0] as GetCredentialFailureType + val message = pigeonVar_list[1] as String? + val details = pigeonVar_list[2] as String? + return GetCredentialFailure(type, message, details) + } + } + + fun toList(): List { + return listOf( + type, + message, + details, + ) + } +} + +/** + * A successful authentication result. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class GetCredentialSuccess(val credential: PlatformGoogleIdTokenCredential) : + GetCredentialResult() { + companion object { + fun fromList(pigeonVar_list: List): GetCredentialSuccess { + val credential = pigeonVar_list[0] as PlatformGoogleIdTokenCredential + return GetCredentialSuccess(credential) + } + } + + fun toList(): List { + return listOf( + credential, + ) + } +} + +/** + * The response from an `authorize` call. + * + * Generated class from Pigeon that represents data sent in messages. This class should not be + * extended by any user class outside of the generated file. + */ +sealed class AuthorizeResult +/** + * An authorization failure + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class AuthorizeFailure( + /** The type of failure. */ + val type: AuthorizeFailureType, + /** The message associated with the failure, if any. */ + val message: String? = null, + /** Extra details about the failure, if any. */ + val details: String? = null +) : AuthorizeResult() { + companion object { + fun fromList(pigeonVar_list: List): AuthorizeFailure { + val type = pigeonVar_list[0] as AuthorizeFailureType + val message = pigeonVar_list[1] as String? + val details = pigeonVar_list[2] as String? + return AuthorizeFailure(type, message, details) + } + } + + fun toList(): List { + return listOf( + type, + message, + details, + ) + } +} + +/** + * A successful authorization result. + * + * Corresponds to a native AuthorizationResult. + * + * Generated class from Pigeon that represents data sent in messages. + */ +data class PlatformAuthorizationResult( + val accessToken: String? = null, + val serverAuthCode: String? = null, + val grantedScopes: List +) : AuthorizeResult() { + companion object { + fun fromList(pigeonVar_list: List): PlatformAuthorizationResult { + val accessToken = pigeonVar_list[0] as String? + val serverAuthCode = pigeonVar_list[1] as String? + val grantedScopes = pigeonVar_list[2] as List + return PlatformAuthorizationResult(accessToken, serverAuthCode, grantedScopes) + } + } + + fun toList(): List { + return listOf( + accessToken, + serverAuthCode, + grantedScopes, + ) + } +} + +private open class MessagesPigeonCodec : StandardMessageCodec() { + override fun readValueOfType(type: Byte, buffer: ByteBuffer): Any? { + return when (type) { + 129.toByte() -> { + return (readValue(buffer) as Long?)?.let { GetCredentialFailureType.ofRaw(it.toInt()) } + } + 130.toByte() -> { + return (readValue(buffer) as Long?)?.let { AuthorizeFailureType.ofRaw(it.toInt()) } + } + 131.toByte() -> { + return (readValue(buffer) as? List)?.let { PlatformAuthorizationRequest.fromList(it) } + } + 132.toByte() -> { + return (readValue(buffer) as? List)?.let { GetCredentialRequestParams.fromList(it) } + } + 133.toByte() -> { + return (readValue(buffer) as? List)?.let { + GetCredentialRequestGoogleIdOptionParams.fromList(it) + } + } + 134.toByte() -> { + return (readValue(buffer) as? List)?.let { + PlatformGoogleIdTokenCredential.fromList(it) + } + } + 135.toByte() -> { + return (readValue(buffer) as? List)?.let { GetCredentialFailure.fromList(it) } + } + 136.toByte() -> { + return (readValue(buffer) as? List)?.let { GetCredentialSuccess.fromList(it) } + } + 137.toByte() -> { + return (readValue(buffer) as? List)?.let { AuthorizeFailure.fromList(it) } + } + 138.toByte() -> { + return (readValue(buffer) as? List)?.let { PlatformAuthorizationResult.fromList(it) } + } + else -> super.readValueOfType(type, buffer) + } + } + + override fun writeValue(stream: ByteArrayOutputStream, value: Any?) { + when (value) { + is GetCredentialFailureType -> { + stream.write(129) + writeValue(stream, value.raw) + } + is AuthorizeFailureType -> { + stream.write(130) + writeValue(stream, value.raw) + } + is PlatformAuthorizationRequest -> { + stream.write(131) + writeValue(stream, value.toList()) + } + is GetCredentialRequestParams -> { + stream.write(132) + writeValue(stream, value.toList()) + } + is GetCredentialRequestGoogleIdOptionParams -> { + stream.write(133) + writeValue(stream, value.toList()) + } + is PlatformGoogleIdTokenCredential -> { + stream.write(134) + writeValue(stream, value.toList()) + } + is GetCredentialFailure -> { + stream.write(135) + writeValue(stream, value.toList()) + } + is GetCredentialSuccess -> { + stream.write(136) + writeValue(stream, value.toList()) + } + is AuthorizeFailure -> { + stream.write(137) + writeValue(stream, value.toList()) + } + is PlatformAuthorizationResult -> { + stream.write(138) + writeValue(stream, value.toList()) + } + else -> super.writeValue(stream, value) + } + } +} + +/** Generated interface from Pigeon that represents a handler of messages from Flutter. */ +interface GoogleSignInApi { + /** + * Returns the server client ID parsed from google-services.json by the google-services Gradle + * script, if any. + */ + fun getGoogleServicesJsonServerClientId(): String? + /** Requests an authentication credential (sign in) via CredentialManager's getCredential. */ + fun getCredential( + params: GetCredentialRequestParams, + callback: (Result) -> Unit + ) + /** Clears CredentialManager credential state. */ + fun clearCredentialState(callback: (Result) -> Unit) + /** Requests authorization tokens via AuthorizationClient. */ + fun authorize( + params: PlatformAuthorizationRequest, + promptIfUnauthorized: Boolean, + callback: (Result) -> Unit + ) + + companion object { + /** The codec used by GoogleSignInApi. */ + val codec: MessageCodec by lazy { MessagesPigeonCodec() } + /** + * Sets up an instance of `GoogleSignInApi` to handle messages through the `binaryMessenger`. + */ + @JvmOverloads + fun setUp( + binaryMessenger: BinaryMessenger, + api: GoogleSignInApi?, + messageChannelSuffix: String = "" + ) { + val separatedMessageChannelSuffix = + if (messageChannelSuffix.isNotEmpty()) ".$messageChannelSuffix" else "" + run { + val channel = + BasicMessageChannel( + binaryMessenger, + "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getGoogleServicesJsonServerClientId$separatedMessageChannelSuffix", + codec) + if (api != null) { + channel.setMessageHandler { _, reply -> + val wrapped: List = + try { + listOf(api.getGoogleServicesJsonServerClientId()) + } catch (exception: Throwable) { + wrapError(exception) + } + reply.reply(wrapped) + } + } else { + channel.setMessageHandler(null) + } + } + run { + val channel = + BasicMessageChannel( + binaryMessenger, + "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getCredential$separatedMessageChannelSuffix", + codec) + if (api != null) { + channel.setMessageHandler { message, reply -> + val args = message as List + val paramsArg = args[0] as GetCredentialRequestParams + api.getCredential(paramsArg) { result: Result -> + val error = result.exceptionOrNull() + if (error != null) { + reply.reply(wrapError(error)) + } else { + val data = result.getOrNull() + reply.reply(wrapResult(data)) + } + } + } + } else { + channel.setMessageHandler(null) + } + } + run { + val channel = + BasicMessageChannel( + binaryMessenger, + "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.clearCredentialState$separatedMessageChannelSuffix", + codec) + if (api != null) { + channel.setMessageHandler { _, reply -> + api.clearCredentialState { result: Result -> + val error = result.exceptionOrNull() + if (error != null) { + reply.reply(wrapError(error)) + } else { + reply.reply(wrapResult(null)) + } + } + } + } else { + channel.setMessageHandler(null) + } + } + run { + val channel = + BasicMessageChannel( + binaryMessenger, + "dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.authorize$separatedMessageChannelSuffix", + codec) + if (api != null) { + channel.setMessageHandler { message, reply -> + val args = message as List + val paramsArg = args[0] as PlatformAuthorizationRequest + val promptIfUnauthorizedArg = args[1] as Boolean + api.authorize(paramsArg, promptIfUnauthorizedArg) { result: Result -> + val error = result.exceptionOrNull() + if (error != null) { + reply.reply(wrapError(error)) + } else { + val data = result.getOrNull() + reply.reply(wrapResult(data)) + } + } + } + } else { + channel.setMessageHandler(null) + } + } + } + } +} diff --git a/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/ResultUtils.kt b/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/ResultUtils.kt new file mode 100644 index 00000000000..4a9f09795f7 --- /dev/null +++ b/packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/ResultUtils.kt @@ -0,0 +1,41 @@ +// Copyright 2013 The Flutter Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +package io.flutter.plugins.googlesignin + +fun completeWithGetGetCredentialResult( + callback: (Result) -> Unit, + result: GetCredentialResult +) { + callback(Result.success(result)) +} + +fun completeWithGetCredentialFailure( + callback: (Result) -> Unit, + failure: GetCredentialFailure +) { + callback(Result.success(failure)) +} + +fun completeWithClearCredentialStateSuccess(callback: (Result) -> Unit) { + callback(Result.success(Unit)) +} + +fun completeWithClearCredentialStateError(callback: (Result) -> Unit, failure: FlutterError) { + callback(Result.failure(failure)) +} + +fun completeWithAuthorizationResult( + callback: (Result) -> Unit, + result: PlatformAuthorizationResult +) { + callback(Result.success(result)) +} + +fun completeWithAuthorizeFailure( + callback: (Result) -> Unit, + failure: AuthorizeFailure +) { + callback(Result.success(failure)) +} diff --git a/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/GoogleSignInTest.java b/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/GoogleSignInTest.java index 32ade75d0cb..88ac2f3c05e 100644 --- a/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/GoogleSignInTest.java +++ b/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/GoogleSignInTest.java @@ -4,60 +4,99 @@ package io.flutter.plugins.googlesignin; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import android.accounts.Account; import android.app.Activity; +import android.app.PendingIntent; import android.content.Context; -import android.content.Intent; +import android.content.IntentSender; import android.content.res.Resources; -import com.google.android.gms.auth.api.signin.GoogleSignInAccount; -import com.google.android.gms.auth.api.signin.GoogleSignInClient; -import com.google.android.gms.auth.api.signin.GoogleSignInOptions; +import androidx.credentials.ClearCredentialStateRequest; +import androidx.credentials.Credential; +import androidx.credentials.CredentialManager; +import androidx.credentials.CredentialManagerCallback; +import androidx.credentials.CustomCredential; +import androidx.credentials.GetCredentialRequest; +import androidx.credentials.GetCredentialResponse; +import androidx.credentials.PasswordCredential; +import androidx.credentials.exceptions.ClearCredentialException; +import androidx.credentials.exceptions.GetCredentialCancellationException; +import androidx.credentials.exceptions.GetCredentialException; +import androidx.credentials.exceptions.GetCredentialInterruptedException; +import androidx.credentials.exceptions.GetCredentialProviderConfigurationException; +import androidx.credentials.exceptions.GetCredentialUnknownException; +import androidx.credentials.exceptions.GetCredentialUnsupportedException; +import androidx.credentials.exceptions.NoCredentialException; +import com.google.android.gms.auth.api.identity.AuthorizationClient; +import com.google.android.gms.auth.api.identity.AuthorizationRequest; +import com.google.android.gms.auth.api.identity.AuthorizationResult; import com.google.android.gms.common.api.ApiException; -import com.google.android.gms.common.api.CommonStatusCodes; -import com.google.android.gms.common.api.Scope; import com.google.android.gms.common.api.Status; +import com.google.android.gms.tasks.OnSuccessListener; import com.google.android.gms.tasks.Task; -import io.flutter.plugins.googlesignin.Messages.FlutterError; -import io.flutter.plugins.googlesignin.Messages.InitParams; -import java.util.Collections; +import com.google.android.libraries.identity.googleid.GetGoogleIdOption; +import com.google.android.libraries.identity.googleid.GetSignInWithGoogleOption; +import com.google.android.libraries.identity.googleid.GoogleIdTokenCredential; +import io.flutter.embedding.engine.plugins.activity.ActivityPluginBinding; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import org.junit.After; -import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.mockito.ArgumentCaptor; import org.mockito.Mock; -import org.mockito.MockedConstruction; -import org.mockito.Mockito; import org.mockito.MockitoAnnotations; -import org.mockito.Spy; public class GoogleSignInTest { @Mock Context mockContext; @Mock Resources mockResources; @Mock Activity mockActivity; - @Spy Messages.VoidResult voidResult; - @Spy Messages.Result boolResult; - @Spy Messages.Result userDataResult; - @Mock GoogleSignInWrapper mockGoogleSignIn; - @Mock GoogleSignInAccount account; - @Mock GoogleSignInClient mockClient; - @Mock Task mockSignInTask; + @Mock ActivityPluginBinding mockActivityPluginBinding; + @Mock PendingIntent mockAuthorizationIntent; + @Mock IntentSender mockAuthorizationIntentSender; + @Mock AuthorizeResult mockAuthorizeResult; + @Mock CredentialManager mockCredentialManager; + @Mock AuthorizationClient mockAuthorizationClient; + @Mock CustomCredential mockGenericCredential; + @Mock GoogleIdTokenCredential mockGoogleCredential; + @Mock Task mockAuthorizationTask; + private GoogleSignInPlugin flutterPlugin; + // Technically this is not the plugin, but in practice almost all of the functionality is in this + // class so it is given the simpler name. private GoogleSignInPlugin.Delegate plugin; private AutoCloseable mockCloseable; @Before public void setUp() { mockCloseable = MockitoAnnotations.openMocks(this); + + // Wire up basic mock functionality that is not test-specific. when(mockContext.getResources()).thenReturn(mockResources); - plugin = new GoogleSignInPlugin.Delegate(mockContext, mockGoogleSignIn); + when(mockGenericCredential.getType()) + .thenReturn(GoogleIdTokenCredential.TYPE_GOOGLE_ID_TOKEN_CREDENTIAL); + when(mockAuthorizationTask.addOnSuccessListener(any())).thenReturn(mockAuthorizationTask); + when(mockAuthorizationTask.addOnFailureListener(any())).thenReturn(mockAuthorizationTask); + when(mockAuthorizationIntent.getIntentSender()).thenReturn(mockAuthorizationIntentSender); + when(mockActivityPluginBinding.getActivity()).thenReturn(mockActivity); + + plugin = + new GoogleSignInPlugin.Delegate( + mockContext, + (Context c) -> mockCredentialManager, + (Context c) -> mockAuthorizationClient, + (Credential cred) -> mockGoogleCredential); } @After @@ -66,327 +105,956 @@ public void tearDown() throws Exception { } @Test - public void requestScopes_ResultErrorIfAccountIsNull() { - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(null); + public void onAttachedToActivity_updatesDelegate() { + flutterPlugin = new GoogleSignInPlugin(); + flutterPlugin.initWithDelegate(mock(io.flutter.plugin.common.BinaryMessenger.class), plugin); + flutterPlugin.onAttachedToActivity(mockActivityPluginBinding); - plugin.requestScopes(Collections.singletonList("requestedScope"), boolResult); + verify(mockActivityPluginBinding).addActivityResultListener(plugin); + assertEquals(mockActivity, plugin.getActivity()); + } + + @Test + public void onDetachedFromActivity_updatesDelegate() { + flutterPlugin = new GoogleSignInPlugin(); + flutterPlugin.initWithDelegate(mock(io.flutter.plugin.common.BinaryMessenger.class), plugin); + flutterPlugin.onAttachedToActivity(mockActivityPluginBinding); + flutterPlugin.onDetachedFromActivity(); - ArgumentCaptor resultCaptor = ArgumentCaptor.forClass(Throwable.class); - verify(boolResult).error(resultCaptor.capture()); - FlutterError error = (FlutterError) resultCaptor.getValue(); - Assert.assertEquals("sign_in_required", error.code); - Assert.assertEquals("No account to grant scopes.", error.getMessage()); + verify(mockActivityPluginBinding).removeActivityResultListener(plugin); + assertNull(plugin.getActivity()); } @Test - public void requestScopes_ResultTrueIfAlreadyGranted() { - Scope requestedScope = new Scope("requestedScope"); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(account); - when(account.getGrantedScopes()).thenReturn(Collections.singleton(requestedScope)); - when(mockGoogleSignIn.hasPermissions(account, requestedScope)).thenReturn(true); + public void onReattachedToActivityForConfigChanges_updatesDelegate() { + flutterPlugin = new GoogleSignInPlugin(); + flutterPlugin.initWithDelegate(mock(io.flutter.plugin.common.BinaryMessenger.class), plugin); + flutterPlugin.onReattachedToActivityForConfigChanges(mockActivityPluginBinding); - plugin.requestScopes(Collections.singletonList("requestedScope"), boolResult); + verify(mockActivityPluginBinding).addActivityResultListener(plugin); + assertEquals(mockActivity, plugin.getActivity()); + } + + @Test + public void onDetachedFromActivityForConfigChanges_updatesDelegate() { + flutterPlugin = new GoogleSignInPlugin(); + flutterPlugin.initWithDelegate(mock(io.flutter.plugin.common.BinaryMessenger.class), plugin); + flutterPlugin.onAttachedToActivity(mockActivityPluginBinding); + flutterPlugin.onDetachedFromActivityForConfigChanges(); - verify(boolResult).success(true); + verify(mockActivityPluginBinding).removeActivityResultListener(plugin); + assertNull(plugin.getActivity()); } @Test - public void requestScopes_RequestsPermissionIfNotGranted() { - Scope requestedScope = new Scope("requestedScope"); - plugin.setActivity(mockActivity); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(account); - when(account.getGrantedScopes()).thenReturn(Collections.singleton(requestedScope)); - when(mockGoogleSignIn.hasPermissions(account, requestedScope)).thenReturn(false); + public void getGoogleServicesJsonServerClientId_loadsServerClientIdFromResources() { + final String packageName = "fakePackageName"; + final String serverClientId = "fakeServerClientId"; + final int resourceId = 1; + when(mockContext.getPackageName()).thenReturn(packageName); + when(mockResources.getIdentifier("default_web_client_id", "string", packageName)) + .thenReturn(resourceId); + when(mockContext.getString(resourceId)).thenReturn(serverClientId); + + final String returnedId = plugin.getGoogleServicesJsonServerClientId(); + assertEquals(serverClientId, returnedId); + } - plugin.requestScopes(Collections.singletonList("requestedScope"), boolResult); + @Test + public void getGoogleServicesJsonServerClientId_returnsNullIfNotFound() { + final String packageName = "fakePackageName"; + when(mockContext.getPackageName()).thenReturn(packageName); + when(mockResources.getIdentifier("default_web_client_id", "string", packageName)).thenReturn(0); - verify(mockGoogleSignIn) - .requestPermissions(mockActivity, 53295, account, new Scope[] {requestedScope}); + final String returnedId = plugin.getGoogleServicesJsonServerClientId(); + assertNull(returnedId); } @Test - public void requestScopes_ReturnsFalseIfPermissionDenied() { - Scope requestedScope = new Scope("requestedScope"); + public void getCredential_returnsAuthenticationInfo() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final String displayName = "Jane User"; + final String givenName = "Jane"; + final String familyName = "User"; + final String id = "someId"; + final String idToken = "idToken"; + when(mockGoogleCredential.getDisplayName()).thenReturn(displayName); + when(mockGoogleCredential.getGivenName()).thenReturn(givenName); + when(mockGoogleCredential.getFamilyName()).thenReturn(familyName); + when(mockGoogleCredential.getId()).thenReturn(id); + when(mockGoogleCredential.getIdToken()).thenReturn(idToken); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(account); - when(account.getGrantedScopes()).thenReturn(Collections.singleton(requestedScope)); - when(mockGoogleSignIn.hasPermissions(account, requestedScope)).thenReturn(false); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialSuccess); + PlatformGoogleIdTokenCredential credential = + ((GetCredentialSuccess) result).getCredential(); + assertEquals(displayName, credential.getDisplayName()); + assertEquals(givenName, credential.getGivenName()); + assertEquals(familyName, credential.getFamilyName()); + assertEquals(id, credential.getId()); + assertEquals(idToken, credential.getIdToken()); + return null; + })); - plugin.requestScopes(Collections.singletonList("requestedScope"), boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, - Activity.RESULT_CANCELED, - new Intent()); + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); - verify(boolResult).success(false); + callbackCaptor.getValue().onResult(new GetCredentialResponse(mockGenericCredential)); + assertTrue(callbackCalled[0]); } @Test - public void requestScopes_ReturnsTrueIfPermissionGranted() { - Scope requestedScope = new Scope("requestedScope"); + public void getCredential_usesGetSignInWithGoogleOptionForButtonFlow() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + true, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(account); - when(account.getGrantedScopes()).thenReturn(Collections.singleton(requestedScope)); - when(mockGoogleSignIn.hasPermissions(account, requestedScope)).thenReturn(false); + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + // No-op, since this test doesn't trigger the getCredentialsAsync callback that would + // call this. + return null; + })); - plugin.requestScopes(Collections.singletonList("requestedScope"), boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, Activity.RESULT_OK, new Intent()); + ArgumentCaptor captor = + ArgumentCaptor.forClass(GetCredentialRequest.class); + verify(mockCredentialManager) + .getCredentialAsync(eq(mockContext), captor.capture(), any(), any(), any()); - verify(boolResult).success(true); + assertEquals(1, captor.getValue().getCredentialOptions().size()); + assertTrue( + captor.getValue().getCredentialOptions().get(0) instanceof GetSignInWithGoogleOption); } @Test - public void requestScopes_mayBeCalledRepeatedly_ifAlreadyGranted() { - List requestedScopes = Collections.singletonList("requestedScope"); - Scope requestedScope = new Scope("requestedScope"); + public void getCredential_usesGetGoogleIdOptionForNonButtonFlow() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(account); - when(account.getGrantedScopes()).thenReturn(Collections.singleton(requestedScope)); - when(mockGoogleSignIn.hasPermissions(account, requestedScope)).thenReturn(false); + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + // This test doesn't trigger the getCredentialsAsync callback that would call this, + // so if this is reached something has gone wrong. + fail(); + return null; + })); - plugin.requestScopes(requestedScopes, boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, Activity.RESULT_OK, new Intent()); - plugin.requestScopes(requestedScopes, boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, Activity.RESULT_OK, new Intent()); + ArgumentCaptor captor = + ArgumentCaptor.forClass(GetCredentialRequest.class); + verify(mockCredentialManager) + .getCredentialAsync(eq(mockContext), captor.capture(), any(), any(), any()); - verify(boolResult, times(2)).success(true); + assertEquals(1, captor.getValue().getCredentialOptions().size()); + assertTrue(captor.getValue().getCredentialOptions().get(0) instanceof GetGoogleIdOption); } @Test - public void requestScopes_mayBeCalledRepeatedly_ifNotSignedIn() { - List requestedScopes = Collections.singletonList("requestedScope"); + public void getCredential_passesNonceInButtonFlow() { + final String nonce = "nonce"; + GetCredentialRequestParams params = + new GetCredentialRequestParams( + true, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + nonce); - when(mockGoogleSignIn.getLastSignedInAccount(mockContext)).thenReturn(null); + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + // This test doesn't trigger the getCredentialsAsync callback that would call this, + // so if this is reached something has gone wrong. + fail(); + return null; + })); - plugin.requestScopes(requestedScopes, boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, Activity.RESULT_OK, new Intent()); - plugin.requestScopes(requestedScopes, boolResult); - plugin.onActivityResult( - GoogleSignInPlugin.Delegate.REQUEST_CODE_REQUEST_SCOPE, Activity.RESULT_OK, new Intent()); + ArgumentCaptor captor = + ArgumentCaptor.forClass(GetCredentialRequest.class); + verify(mockCredentialManager) + .getCredentialAsync(eq(mockContext), captor.capture(), any(), any(), any()); - ArgumentCaptor resultCaptor = ArgumentCaptor.forClass(Throwable.class); - verify(boolResult, times(2)).error(resultCaptor.capture()); - List errors = resultCaptor.getAllValues(); - Assert.assertEquals(2, errors.size()); - FlutterError error = (FlutterError) errors.get(0); - Assert.assertEquals("sign_in_required", error.code); - Assert.assertEquals("No account to grant scopes.", error.getMessage()); - error = (FlutterError) errors.get(1); - Assert.assertEquals("sign_in_required", error.code); - Assert.assertEquals("No account to grant scopes.", error.getMessage()); + assertEquals(1, captor.getValue().getCredentialOptions().size()); + assertEquals( + nonce, + ((GetSignInWithGoogleOption) captor.getValue().getCredentialOptions().get(0)).getNonce()); } - @Test(expected = IllegalStateException.class) - public void signInThrowsWithoutActivity() { - final GoogleSignInPlugin.Delegate plugin = - new GoogleSignInPlugin.Delegate(mock(Context.class), mock(GoogleSignInWrapper.class)); + @Test + public void getCredential_passesNonceInNonButtonFlow() { + final String nonce = "nonce"; + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + nonce); + + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + // This test doesn't trigger the getCredentialsAsync callback that would call this, + // so if this is reached something has gone wrong. + fail(); + return null; + })); - plugin.signIn(userDataResult); + ArgumentCaptor captor = + ArgumentCaptor.forClass(GetCredentialRequest.class); + verify(mockCredentialManager) + .getCredentialAsync(eq(mockContext), captor.capture(), any(), any(), any()); + + assertEquals(1, captor.getValue().getCredentialOptions().size()); + assertEquals( + nonce, ((GetGoogleIdOption) captor.getValue().getCredentialOptions().get(0)).getNonce()); } @Test - public void signInSilentlyThatImmediatelyCompletesWithoutResultFinishesWithError() - throws ApiException { - final String clientId = "fakeClientId"; - InitParams params = buildInitParams(clientId, null); - initAndAssertServerClientId(params, clientId); - - ApiException exception = - new ApiException(new Status(CommonStatusCodes.SIGN_IN_REQUIRED, "Error text")); - when(mockClient.silentSignIn()).thenReturn(mockSignInTask); - when(mockSignInTask.isComplete()).thenReturn(true); - when(mockSignInTask.getResult(ApiException.class)).thenThrow(exception); - - plugin.signInSilently(userDataResult); - ArgumentCaptor resultCaptor = ArgumentCaptor.forClass(Throwable.class); - verify(userDataResult).error(resultCaptor.capture()); - FlutterError error = (FlutterError) resultCaptor.getValue(); - Assert.assertEquals("sign_in_required", error.code); - Assert.assertEquals( - "com.google.android.gms.common.api.ApiException: 4: Error text", error.getMessage()); + public void getCredential_reportsMissingServerClientId() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, new GetCredentialRequestGoogleIdOptionParams(false, false), null, null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.MISSING_SERVER_CLIENT_ID, failure.getType()); + return null; + })); + assertTrue(callbackCalled[0]); } @Test - public void init_LoadsServerClientIdFromResources() { - final String packageName = "fakePackageName"; - final String serverClientId = "fakeServerClientId"; - final int resourceId = 1; - InitParams params = buildInitParams(null, null); - when(mockContext.getPackageName()).thenReturn(packageName); - when(mockResources.getIdentifier("default_web_client_id", "string", packageName)) - .thenReturn(resourceId); - when(mockContext.getString(resourceId)).thenReturn(serverClientId); - initAndAssertServerClientId(params, serverClientId); + public void getCredential_reportsWrongCredentialType() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.UNEXPECTED_CREDENTIAL_TYPE, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); + + // PasswordCredential is used because it's easy to create without mocking; all that matters is + // that it's not a CustomCredential of type TYPE_GOOGLE_ID_TOKEN_CREDENTIAL. + callbackCaptor + .getValue() + .onResult(new GetCredentialResponse(new PasswordCredential("wrong", "type"))); + assertTrue(callbackCalled[0]); } @Test - public void init_InterpretsClientIdAsServerClientId() { - final String clientId = "fakeClientId"; - InitParams params = buildInitParams(clientId, null); - initAndAssertServerClientId(params, clientId); + public void getCredential_reportsCancellation() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.CANCELED, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); + + callbackCaptor.getValue().onError(new GetCredentialCancellationException()); + assertTrue(callbackCalled[0]); } @Test - public void init_ForwardsServerClientId() { - final String serverClientId = "fakeServerClientId"; - InitParams params = buildInitParams(null, serverClientId); - initAndAssertServerClientId(params, serverClientId); + public void getCredential_reportsInterrupted() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.INTERRUPTED, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); + + callbackCaptor.getValue().onError(new GetCredentialInterruptedException()); + assertTrue(callbackCalled[0]); } @Test - public void init_IgnoresClientIdIfServerClientIdIsProvided() { - final String clientId = "fakeClientId"; - final String serverClientId = "fakeServerClientId"; - InitParams params = buildInitParams(clientId, serverClientId); - initAndAssertServerClientId(params, serverClientId); + public void getCredential_reportsProviderConfigurationIssue() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals( + GetCredentialFailureType.PROVIDER_CONFIGURATION_ISSUE, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); + + callbackCaptor.getValue().onError(new GetCredentialProviderConfigurationException()); + assertTrue(callbackCalled[0]); } @Test - public void init_PassesForceCodeForRefreshTokenFalseWithServerClientIdParameter() { - InitParams params = buildInitParams("fakeClientId", "fakeServerClientId", false); + public void getCredential_reportsUnsupported() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); - initAndAssertForceCodeForRefreshToken(params, false); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.UNSUPPORTED, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); + + callbackCaptor.getValue().onError(new GetCredentialUnsupportedException()); + assertTrue(callbackCalled[0]); } @Test - public void init_PassesForceCodeForRefreshTokenTrueWithServerClientIdParameter() { - InitParams params = buildInitParams("fakeClientId", "fakeServerClientId", true); + public void getCredential_reportsNoCredential() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.NO_CREDENTIAL, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); - initAndAssertForceCodeForRefreshToken(params, true); + callbackCaptor.getValue().onError(new NoCredentialException()); + assertTrue(callbackCalled[0]); } @Test - public void init_PassesForceCodeForRefreshTokenFalseWithServerClientIdFromResources() { - final String packageName = "fakePackageName"; - final String serverClientId = "fakeServerClientId"; - final int resourceId = 1; - InitParams params = buildInitParams(null, null, false); - when(mockContext.getPackageName()).thenReturn(packageName); - when(mockResources.getIdentifier("default_web_client_id", "string", packageName)) - .thenReturn(resourceId); - when(mockContext.getString(resourceId)).thenReturn(serverClientId); + public void getCredential_reportsUnknown() { + GetCredentialRequestParams params = + new GetCredentialRequestParams( + false, + new GetCredentialRequestGoogleIdOptionParams(false, false), + "serverClientId", + null); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.getCredential( + params, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + GetCredentialResult result = reply.getOrNull(); + assertTrue(result instanceof GetCredentialFailure); + GetCredentialFailure failure = (GetCredentialFailure) result; + assertEquals(GetCredentialFailureType.UNKNOWN, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> + callbackCaptor = ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .getCredentialAsync( + eq(mockContext), + any(GetCredentialRequest.class), + any(), + any(), + callbackCaptor.capture()); - initAndAssertForceCodeForRefreshToken(params, false); + callbackCaptor.getValue().onError(new GetCredentialUnknownException()); + assertTrue(callbackCalled[0]); } @Test - public void init_PassesForceCodeForRefreshTokenTrueWithServerClientIdFromResources() { - final String packageName = "fakePackageName"; - final String serverClientId = "fakeServerClientId"; - final int resourceId = 1; - InitParams params = buildInitParams(null, null, true); - when(mockContext.getPackageName()).thenReturn(packageName); - when(mockResources.getIdentifier("default_web_client_id", "string", packageName)) - .thenReturn(resourceId); - when(mockContext.getString(resourceId)).thenReturn(serverClientId); + public void authorize_passesNullParamaters() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + final String accessToken = "accessToken"; + final String serverAuthCode = "serverAuthCode"; + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); - initAndAssertForceCodeForRefreshToken(params, true); + plugin.authorize( + params, + false, + ResultCompat.asCompatCallback( + reply -> { + // This test doesn't trigger the getCredentialsAsync callback that would call this, + // so if this is reached something has gone wrong. + fail(); + return null; + })); + + ArgumentCaptor authRequestCaptor = + ArgumentCaptor.forClass(AuthorizationRequest.class); + verify(mockAuthorizationClient).authorize(authRequestCaptor.capture()); + + AuthorizationRequest request = authRequestCaptor.getValue(); + assertNull(request.getHostedDomain()); + assertNull(request.getServerClientId()); + assertNull(request.getAccount()); } @Test - public void init_PassesForceAccountName() { - String fakeAccountName = "fakeEmailAddress@example.com"; + public void authorize_passesOptionalParameters() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + final String hostedDomain = "example.com"; + final String accountEmail = "someone@example.com"; + final String serverClientId = "serverClientId"; + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, hostedDomain, accountEmail, serverClientId); - try (MockedConstruction mocked = - Mockito.mockConstruction( - Account.class, - (mock, context) -> { - when(mock.toString()).thenReturn(fakeAccountName); - })) { - InitParams params = buildInitParams("fakeClientId", "fakeServerClientId2", fakeAccountName); + final String accessToken = "accessToken"; + final String serverAuthCode = "serverAuthCode"; + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); - initAndAssertForceAccountName(params, fakeAccountName); + plugin.authorize( + params, + false, + ResultCompat.asCompatCallback( + reply -> { + // This test doesn't trigger the getCredentialsAsync callback that would call this, + // so if this is reached something has gone wrong. + fail(); + return null; + })); - List constructed = mocked.constructed(); - Assert.assertEquals(1, constructed.size()); - } + ArgumentCaptor authRequestCaptor = + ArgumentCaptor.forClass(AuthorizationRequest.class); + verify(mockAuthorizationClient).authorize(authRequestCaptor.capture()); + + AuthorizationRequest request = authRequestCaptor.getValue(); + assertEquals(hostedDomain, request.getHostedDomain()); + assertEquals(serverClientId, request.getServerClientId()); + // Account is mostly opaque, so just verify that one was set if an email was provided. + assertNotNull(request.getAccount()); } - public void initAndAssertServerClientId(InitParams params, String serverClientId) { - ArgumentCaptor optionsCaptor = - ArgumentCaptor.forClass(GoogleSignInOptions.class); - when(mockGoogleSignIn.getClient(any(Context.class), optionsCaptor.capture())) - .thenReturn(mockClient); - plugin.init(params); - Assert.assertEquals(serverClientId, optionsCaptor.getValue().getServerClientId()); - } - - public void initAndAssertForceCodeForRefreshToken( - InitParams params, boolean forceCodeForRefreshToken) { - ArgumentCaptor optionsCaptor = - ArgumentCaptor.forClass(GoogleSignInOptions.class); - when(mockGoogleSignIn.getClient(any(Context.class), optionsCaptor.capture())) - .thenReturn(mockClient); - plugin.init(params); - Assert.assertEquals( - forceCodeForRefreshToken, optionsCaptor.getValue().isForceCodeForRefreshToken()); - } - - public void initAndAssertForceAccountName(InitParams params, String forceAccountName) { - ArgumentCaptor optionsCaptor = - ArgumentCaptor.forClass(GoogleSignInOptions.class); - when(mockGoogleSignIn.getClient(any(Context.class), optionsCaptor.capture())) - .thenReturn(mockClient); - plugin.init(params); - Assert.assertEquals(forceAccountName, optionsCaptor.getValue().getAccount().toString()); - } - - private static InitParams buildInitParams(String clientId, String serverClientId) { - return buildInitParams( - Messages.SignInType.STANDARD, - Collections.emptyList(), - clientId, - serverClientId, + @Test + public void authorize_returnsImmediateResult() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + final String accessToken = "accessToken"; + final String serverAuthCode = "serverAuthCode"; + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, + false, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof PlatformAuthorizationResult); + PlatformAuthorizationResult auth = (PlatformAuthorizationResult) result; + assertEquals(accessToken, auth.getAccessToken()); + assertEquals(serverAuthCode, auth.getServerAuthCode()); + assertEquals(scopes, auth.getGrantedScopes()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(serverAuthCode, accessToken, "idToken", scopes, null, null)); + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_reportsImmediateException() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + when(mockAuthorizationClient.authorize(any())).thenThrow(new RuntimeException()); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, false, - null); - } - - private static InitParams buildInitParams( - String clientId, String serverClientId, boolean forceCodeForRefreshToken) { - return buildInitParams( - Messages.SignInType.STANDARD, - Collections.emptyList(), - clientId, - serverClientId, - forceCodeForRefreshToken, - null); - } - - private static InitParams buildInitParams( - String clientId, String serverClientId, String forceAccountName) { - return buildInitParams( - Messages.SignInType.STANDARD, - Collections.emptyList(), - clientId, - serverClientId, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof AuthorizeFailure); + AuthorizeFailure failure = (AuthorizeFailure) result; + assertEquals(AuthorizeFailureType.API_EXCEPTION, failure.getType()); + return null; + })); + + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_reportsFailureIfUnauthorizedAndNoPromptAllowed() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, false, - forceAccountName); - } - - private static InitParams buildInitParams( - Messages.SignInType signInType, - List scopes, - String clientId, - String serverClientId, - boolean forceCodeForRefreshToken, - String forceAccountName) { - InitParams.Builder builder = new InitParams.Builder(); - builder.setSignInType(signInType); - builder.setScopes(scopes); - if (clientId != null) { - builder.setClientId(clientId); + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof AuthorizeFailure); + AuthorizeFailure failure = (AuthorizeFailure) result; + assertEquals(AuthorizeFailureType.UNAUTHORIZED, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(null, null, null, scopes, null, mockAuthorizationIntent)); + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_reportsFailureIfUnauthorizedAndNoActivity() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + + plugin.setActivity(null); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, + true, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof AuthorizeFailure); + AuthorizeFailure failure = (AuthorizeFailure) result; + assertEquals(AuthorizeFailureType.NO_ACTIVITY, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(null, null, null, scopes, null, mockAuthorizationIntent)); + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_returnsPostIntentResult() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + final String accessToken = "accessToken"; + final String serverAuthCode = "serverAuthCode"; + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + try { + when(mockAuthorizationClient.getAuthorizationResultFromIntent(any())) + .thenReturn( + new AuthorizationResult(serverAuthCode, accessToken, "idToken", scopes, null, null)); + } catch (ApiException e) { + fail(); } - if (serverClientId != null) { - builder.setServerClientId(serverClientId); + + plugin.setActivity(mockActivity); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, + true, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof PlatformAuthorizationResult); + PlatformAuthorizationResult auth = (PlatformAuthorizationResult) result; + assertEquals(accessToken, auth.getAccessToken()); + assertEquals(serverAuthCode, auth.getServerAuthCode()); + assertEquals(scopes, auth.getGrantedScopes()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(null, null, null, scopes, null, mockAuthorizationIntent)); + try { + verify(mockActivity) + .startIntentSenderForResult( + mockAuthorizationIntent.getIntentSender(), + GoogleSignInPlugin.Delegate.REQUEST_CODE_AUTHORIZE, + null, + 0, + 0, + 0, + null); + } catch (IntentSender.SendIntentException e) { + fail(); + } + // Simulate the UI flow completing. The intent data can be null here because the mock of + // mockAuthorizationClient.getAuthorizationResultFromIntent above ignores the parameter. + plugin.onActivityResult(GoogleSignInPlugin.Delegate.REQUEST_CODE_AUTHORIZE, 0, null); + + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_reportsPendingIntentException() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + try { + doThrow(new IntentSender.SendIntentException()) + .when(mockActivity) + .startIntentSenderForResult( + mockAuthorizationIntentSender, + GoogleSignInPlugin.Delegate.REQUEST_CODE_AUTHORIZE, + null, + 0, + 0, + 0, + null); + } catch (IntentSender.SendIntentException e) { + fail(); + } + + plugin.setActivity(mockActivity); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, + true, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof AuthorizeFailure); + AuthorizeFailure failure = (AuthorizeFailure) result; + assertEquals(AuthorizeFailureType.PENDING_INTENT_EXCEPTION, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(null, null, null, scopes, null, mockAuthorizationIntent)); + + assertTrue(callbackCalled[0]); + } + + @Test + public void authorize_reportsPostIntentException() { + final List scopes = new ArrayList<>(Arrays.asList("scope1", "scope1")); + PlatformAuthorizationRequest params = + new PlatformAuthorizationRequest(scopes, null, null, null); + + when(mockAuthorizationClient.authorize(any())).thenReturn(mockAuthorizationTask); + try { + when(mockAuthorizationClient.getAuthorizationResultFromIntent(any())) + .thenThrow(new ApiException(Status.RESULT_INTERNAL_ERROR)); + } catch (ApiException e) { + fail(); } - builder.setForceCodeForRefreshToken(forceCodeForRefreshToken); - if (forceAccountName != null) { - builder.setForceAccountName(forceAccountName); + + plugin.setActivity(mockActivity); + final Boolean[] callbackCalled = new Boolean[1]; + plugin.authorize( + params, + true, + ResultCompat.asCompatCallback( + reply -> { + callbackCalled[0] = true; + // This failure is a structured return value, not an exception. + assertTrue(reply.isSuccess()); + AuthorizeResult result = reply.getOrNull(); + assertTrue(result instanceof AuthorizeFailure); + AuthorizeFailure failure = (AuthorizeFailure) result; + assertEquals(AuthorizeFailureType.API_EXCEPTION, failure.getType()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(OnSuccessListener.class); + verify(mockAuthorizationTask).addOnSuccessListener(callbackCaptor.capture()); + callbackCaptor + .getValue() + .onSuccess( + new AuthorizationResult(null, null, null, scopes, null, mockAuthorizationIntent)); + try { + verify(mockActivity) + .startIntentSenderForResult( + mockAuthorizationIntent.getIntentSender(), + GoogleSignInPlugin.Delegate.REQUEST_CODE_AUTHORIZE, + null, + 0, + 0, + 0, + null); + } catch (IntentSender.SendIntentException e) { + fail(); } - return builder.build(); + // Simulate the UI flow completing. The intent data can be null here because the mock of + // mockAuthorizationClient.getAuthorizationResultFromIntent above ignores the parameter. + plugin.onActivityResult(GoogleSignInPlugin.Delegate.REQUEST_CODE_AUTHORIZE, 0, null); + + assertTrue(callbackCalled[0]); + } + + @Test + public void clearCredentialState_reportsSuccess() { + plugin.clearCredentialState( + ResultCompat.asCompatCallback( + reply -> { + assertTrue(reply.isSuccess()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .clearCredentialStateAsync( + any(ClearCredentialStateRequest.class), any(), any(), callbackCaptor.capture()); + + callbackCaptor.getValue().onResult(null); + } + + @Test + public void clearCredentialState_reportsFailure() { + plugin.clearCredentialState( + ResultCompat.asCompatCallback( + reply -> { + assertTrue(reply.isFailure()); + return null; + })); + + @SuppressWarnings("unchecked") + ArgumentCaptor> callbackCaptor = + ArgumentCaptor.forClass(CredentialManagerCallback.class); + verify(mockCredentialManager) + .clearCredentialStateAsync( + any(ClearCredentialStateRequest.class), any(), any(), callbackCaptor.capture()); + + callbackCaptor.getValue().onError(mock(ClearCredentialException.class)); } } diff --git a/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/TestResultUtils.kt b/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/TestResultUtils.kt new file mode 100644 index 00000000000..e6b8e965b97 --- /dev/null +++ b/packages/google_sign_in/google_sign_in_android/android/src/test/java/io/flutter/plugins/googlesignin/TestResultUtils.kt @@ -0,0 +1,35 @@ +// Copyright 2013 The Flutter Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +package io.flutter.plugins.googlesignin + +/** Wraps Kotlin Result for use in Java unit tests. */ +@Suppress("UNCHECKED_CAST") +class ResultCompat(private val result: Result) { + private val value: T? = result.getOrNull() + private val exception = result.exceptionOrNull() + val isSuccess = result.isSuccess + val isFailure = result.isFailure + + companion object { + @JvmStatic + fun success(value: T, callback: Any) { + val castedCallback: (Result) -> Unit = callback as (Result) -> Unit + castedCallback(Result.success(value)) + } + + @JvmStatic + fun asCompatCallback(result: (ResultCompat) -> Unit): (Result) -> Unit { + return { result(ResultCompat(it)) } + } + } + + fun getOrNull(): T? { + return value + } + + fun exceptionOrNull(): Throwable? { + return exception + } +} diff --git a/packages/google_sign_in/google_sign_in_android/example/android/app/build.gradle b/packages/google_sign_in/google_sign_in_android/example/android/app/build.gradle index 3c1e0dee00b..d4ecd0ece47 100644 --- a/packages/google_sign_in/google_sign_in_android/example/android/app/build.gradle +++ b/packages/google_sign_in/google_sign_in_android/example/android/app/build.gradle @@ -2,6 +2,7 @@ plugins { id "com.android.application" id "org.jetbrains.kotlin.android" id "dev.flutter.flutter-gradle-plugin" + id 'com.google.gms.google-services' } def localProperties = new Properties() diff --git a/packages/google_sign_in/google_sign_in_android/example/android/build.gradle b/packages/google_sign_in/google_sign_in_android/example/android/build.gradle index b812ba73567..92a39343e0d 100644 --- a/packages/google_sign_in/google_sign_in_android/example/android/build.gradle +++ b/packages/google_sign_in/google_sign_in_android/example/android/build.gradle @@ -1,3 +1,7 @@ +plugins { + id 'com.google.gms.google-services' version '4.4.2' apply false +} + allprojects { repositories { // See https://github.com/flutter/flutter/blob/master/docs/ecosystem/Plugins-and-Packages-repository-structure.md#gradle-structure for more info. diff --git a/packages/google_sign_in/google_sign_in_android/example/integration_test/google_sign_in_test.dart b/packages/google_sign_in/google_sign_in_android/example/integration_test/google_sign_in_test.dart index f1388ce86d6..134c6ab5811 100644 --- a/packages/google_sign_in/google_sign_in_android/example/integration_test/google_sign_in_test.dart +++ b/packages/google_sign_in/google_sign_in_android/example/integration_test/google_sign_in_test.dart @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +import 'package:flutter/services.dart'; import 'package:flutter_test/flutter_test.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'package:integration_test/integration_test.dart'; @@ -9,16 +10,24 @@ import 'package:integration_test/integration_test.dart'; void main() { IntegrationTestWidgetsFlutterBinding.ensureInitialized(); - testWidgets('Can initialize the plugin', (WidgetTester tester) async { + testWidgets('Can instantiate the plugin', (WidgetTester tester) async { final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; expect(signIn, isNotNull); }); testWidgets('Method channel handler is present', (WidgetTester tester) async { - // isSignedIn can be called without initialization, so use it to validate - // that the native method handler is present (e.g., that the channel name - // is correct). + // Validate that the native method handler is present and configured. final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; - await expectLater(signIn.isSignedIn(), completes); + try { + await signIn.signOut(const SignOutParams()); + } on PlatformException catch (e) { + if (e.code == 'Clear Failed') { + // This is thrown when running on a device or emulator without Google + // Sign in support. It comes from a call into the SDK, so is fine for + // the purposes of this test since it means the native handler ran. + } else { + fail('Unexpected exception: e'); + } + } }); } diff --git a/packages/google_sign_in/google_sign_in_android/example/lib/main.dart b/packages/google_sign_in/google_sign_in_android/example/lib/main.dart index 9403f62f619..3a177c19ff3 100644 --- a/packages/google_sign_in/google_sign_in_android/example/lib/main.dart +++ b/packages/google_sign_in/google_sign_in_android/example/lib/main.dart @@ -8,10 +8,13 @@ import 'dart:async'; import 'dart:convert' show json; import 'package:flutter/material.dart'; -import 'package:flutter/services.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'package:http/http.dart' as http; +const List _scopes = [ + 'https://www.googleapis.com/auth/contacts.readonly', +]; + void main() { runApp( const MaterialApp( @@ -30,7 +33,9 @@ class SignInDemo extends StatefulWidget { class SignInDemoState extends State { GoogleSignInUserData? _currentUser; + bool _isAuthorized = false; String _contactText = ''; + String _errorMessage = ''; // Future that completes when `init` has completed on the sign in instance. Future? _initialization; @@ -41,13 +46,10 @@ class SignInDemoState extends State { } Future _ensureInitialized() { + // The example app uses the parsing of values from google-services.json + // to provide the serverClientId, otherwise it would be required here. return _initialization ??= - GoogleSignInPlatform.instance.initWithParams(const SignInInitParameters( - scopes: [ - 'email', - 'https://www.googleapis.com/auth/contacts.readonly', - ], - )) + GoogleSignInPlatform.instance.init(const InitParameters()) ..catchError((dynamic _) { _initialization = null; }); @@ -56,33 +58,71 @@ class SignInDemoState extends State { void _setUser(GoogleSignInUserData? user) { setState(() { _currentUser = user; - if (user != null) { - _handleGetContact(user); - } }); + if (user != null) { + // Try getting contacts, in case authorization is already granted. + _handleGetContact(user); + } } Future _signIn() async { await _ensureInitialized(); - final GoogleSignInUserData? newUser = - await GoogleSignInPlatform.instance.signInSilently(); - _setUser(newUser); + try { + final AuthenticationResults? result = await GoogleSignInPlatform.instance + .attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + _setUser(result?.user); + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = e.code == GoogleSignInExceptionCode.canceled + ? '' + : 'GoogleSignInException ${e.code}: ${e.description}'; + }); + } } - Future> _getAuthHeaders() async { - final GoogleSignInUserData? user = _currentUser; - if (user == null) { - throw StateError('No user signed in'); + Future _handleAuthorizeScopes(GoogleSignInUserData user) async { + try { + final ClientAuthorizationTokenData? tokens = await GoogleSignInPlatform + .instance + .clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: _scopes, + userId: user.id, + email: user.email, + promptIfUnauthorized: true))); + + setState(() { + _isAuthorized = tokens != null; + _errorMessage = ''; + }); + if (_isAuthorized) { + unawaited(_handleGetContact(user)); + } + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = 'GoogleSignInException ${e.code}: ${e.description}'; + }); } + } - final GoogleSignInTokenData response = - await GoogleSignInPlatform.instance.getTokens( - email: user.email, - shouldRecoverAuth: true, - ); + Future?> _getAuthHeaders( + GoogleSignInUserData user) async { + final ClientAuthorizationTokenData? tokens = + await GoogleSignInPlatform.instance.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: _scopes, + userId: user.id, + email: user.email, + promptIfUnauthorized: false))); + if (tokens == null) { + return null; + } return { - 'Authorization': 'Bearer ${response.accessToken}', + 'Authorization': 'Bearer ${tokens.accessToken}', // TODO(kevmoo): Use the correct value once it's available. // See https://github.com/flutter/flutter/issues/80905 'X-Goog-AuthUser': '0', @@ -93,10 +133,17 @@ class SignInDemoState extends State { setState(() { _contactText = 'Loading contact info...'; }); + final Map? headers = await _getAuthHeaders(user); + setState(() { + _isAuthorized = headers != null; + }); + if (headers == null) { + return; + } final http.Response response = await http.get( Uri.parse('https://people.googleapis.com/v1/people/me/connections' '?requestMask.includeField=person.names'), - headers: await _getAuthHeaders(), + headers: headers, ); if (response.statusCode != 200) { setState(() { @@ -118,55 +165,63 @@ class SignInDemoState extends State { Future _handleSignIn() async { try { await _ensureInitialized(); - _setUser(await GoogleSignInPlatform.instance.signIn()); - } catch (error) { - final bool canceled = - error is PlatformException && error.code == 'sign_in_canceled'; - if (!canceled) { - print(error); - } + final AuthenticationResults result = await GoogleSignInPlatform.instance + .authenticate(const AuthenticateParameters()); + _setUser(result.user); + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = e.code == GoogleSignInExceptionCode.canceled + ? '' + : 'GoogleSignInException ${e.code}: ${e.description}'; + }); } } Future _handleSignOut() async { await _ensureInitialized(); - await GoogleSignInPlatform.instance.disconnect(); + await GoogleSignInPlatform.instance.disconnect(const DisconnectParams()); } Widget _buildBody() { final GoogleSignInUserData? user = _currentUser; - if (user != null) { - return Column( - mainAxisAlignment: MainAxisAlignment.spaceAround, - children: [ + return Column( + mainAxisAlignment: MainAxisAlignment.spaceAround, + children: [ + if (user != null) ...[ ListTile( title: Text(user.displayName ?? ''), subtitle: Text(user.email), ), const Text('Signed in successfully.'), - Text(_contactText), ElevatedButton( onPressed: _handleSignOut, child: const Text('SIGN OUT'), ), - ElevatedButton( - child: const Text('REFRESH'), - onPressed: () => _handleGetContact(user), - ), - ], - ); - } else { - return Column( - mainAxisAlignment: MainAxisAlignment.spaceAround, - children: [ + if (_isAuthorized) ...[ + // The user has Authorized all required scopes. + if (_contactText.isNotEmpty) Text(_contactText), + ElevatedButton( + child: const Text('REFRESH'), + onPressed: () => _handleGetContact(user), + ), + ] else ...[ + // The user has NOT Authorized all required scopes. + const Text('Authorization needed to read your contacts.'), + ElevatedButton( + onPressed: () => _handleAuthorizeScopes(user), + child: const Text('REQUEST PERMISSIONS'), + ), + ], + ] else ...[ const Text('You are not currently signed in.'), ElevatedButton( onPressed: _handleSignIn, child: const Text('SIGN IN'), ), ], - ); - } + if (_errorMessage.isNotEmpty) Text(_errorMessage), + ], + ); } @override diff --git a/packages/google_sign_in/google_sign_in_android/example/pubspec.yaml b/packages/google_sign_in/google_sign_in_android/example/pubspec.yaml index 20dcc23b8f0..a8c19eb232a 100644 --- a/packages/google_sign_in/google_sign_in_android/example/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_android/example/pubspec.yaml @@ -16,7 +16,7 @@ dependencies: # The example app is bundled with the plugin so we use a path dependency on # the parent directory to use the current plugin's version. path: ../ - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 http: ">=0.13.0 <2.0.0" dev_dependencies: diff --git a/packages/google_sign_in/google_sign_in_android/lib/google_sign_in_android.dart b/packages/google_sign_in/google_sign_in_android/lib/google_sign_in_android.dart index a064fba20de..f22e58dac86 100644 --- a/packages/google_sign_in/google_sign_in_android/lib/google_sign_in_android.dart +++ b/packages/google_sign_in/google_sign_in_android/lib/google_sign_in_android.dart @@ -3,6 +3,7 @@ // found in the LICENSE file. import 'dart:async'; +import 'dart:convert'; import 'package:flutter/foundation.dart' show visibleForTesting; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; @@ -14,9 +15,13 @@ class GoogleSignInAndroid extends GoogleSignInPlatform { /// Creates a new plugin implementation instance. GoogleSignInAndroid({ @visibleForTesting GoogleSignInApi? api, - }) : _api = api ?? GoogleSignInApi(); + }) : _hostApi = api ?? GoogleSignInApi(); - final GoogleSignInApi _api; + final GoogleSignInApi _hostApi; + + String? _serverClientId; + String? _hostedDomain; + String? _nonce; /// Registers this class as the default instance of [GoogleSignInPlatform]. static void registerWith() { @@ -24,101 +29,277 @@ class GoogleSignInAndroid extends GoogleSignInPlatform { } @override - Future init({ - List scopes = const [], - SignInOption signInOption = SignInOption.standard, - String? hostedDomain, - String? clientId, - String? forceAccountName, - }) { - return initWithParams(SignInInitParameters( - signInOption: signInOption, - scopes: scopes, - hostedDomain: hostedDomain, - clientId: clientId, - forceAccountName: forceAccountName, - )); + Future init(InitParameters params) async { + _hostedDomain = params.hostedDomain; + _serverClientId = params.serverClientId ?? + await _hostApi.getGoogleServicesJsonServerClientId(); + _nonce = params.nonce; + // The clientId parameter is not supported on Android. + // Android apps are identified by their package name and the SHA-1 of their signing key. } @override - Future initWithParams(SignInInitParameters params) { - return _api.init(InitParams( - signInType: _signInTypeForOption(params.signInOption), - scopes: params.scopes, - hostedDomain: params.hostedDomain, - clientId: params.clientId, - serverClientId: params.serverClientId, - forceCodeForRefreshToken: params.forceCodeForRefreshToken, - forceAccountName: params.forceAccountName, - )); + Future attemptLightweightAuthentication( + AttemptLightweightAuthenticationParameters params) async { + // Attempt to auto-sign-in, for single-account or returning users. + PlatformGoogleIdTokenCredential? credential = await _authenticate( + useButtonFlow: false, + nonButtonFlowOptions: _LightweightAuthenticationOptions( + filterToAuthorized: true, + autoSelectEnabled: true, + ), + ); + // If no auto-sign-in is available, potentially prompt for an account via + // the bottom sheet flow. + credential ??= await _authenticate( + useButtonFlow: false, + nonButtonFlowOptions: _LightweightAuthenticationOptions( + filterToAuthorized: false, + autoSelectEnabled: false, + ), + ); + return credential == null + ? null + : _authenticationResultFromPlatformCredential(credential); } @override - Future signInSilently() { - return _api.signInSilently().then(_signInUserDataFromChannelData); - } + bool supportsAuthenticate() => true; @override - Future signIn() { - return _api.signIn().then(_signInUserDataFromChannelData); + Future authenticate( + AuthenticateParameters params) async { + // Attempt to authorize with minimal interaction. + final PlatformGoogleIdTokenCredential? credential = await _authenticate( + useButtonFlow: true, + throwForNoAuth: true, + // Ignored, since useButtonFlow is true. + nonButtonFlowOptions: _LightweightAuthenticationOptions( + filterToAuthorized: false, + autoSelectEnabled: false, + ), + ); + // It's not clear from the documentation if this can happen; if it does, + // no information is available + if (credential == null) { + throw const GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: 'Authenticate returned no credential without an error'); + } + return _authenticationResultFromPlatformCredential(credential); } @override - Future getTokens( - {required String email, bool? shouldRecoverAuth = true}) { - return _api - .getAccessToken(email, shouldRecoverAuth ?? true) - .then((String result) => GoogleSignInTokenData( - accessToken: result, - )); + Future signOut(SignOutParams params) { + return _hostApi.clearCredentialState(); } @override - Future signOut() { - return _api.signOut(); + Future disconnect(DisconnectParams params) async { + // TODO(stuartmorgan): Implement this once Credential Manager adds the + // necessary API (or temporarily implement it with the deprecated SDK if + // it becomes a significant issue before the API is added). + // https://github.com/flutter/flutter/issues/169612 + await signOut(const SignOutParams()); } @override - Future disconnect() { - return _api.disconnect(); - } + bool authorizationRequiresUserInteraction() => false; @override - Future isSignedIn() { - return _api.isSignedIn(); + Future clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters params) async { + final (:String? accessToken, :String? serverAuthCode) = + await _authorize(params.request, requestOfflineAccess: false); + return accessToken == null + ? null + : ClientAuthorizationTokenData(accessToken: accessToken); } @override - Future clearAuthCache({required String token}) { - return _api.clearAuthCache(token); + Future serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters params) async { + final (:String? accessToken, :String? serverAuthCode) = + await _authorize(params.request, requestOfflineAccess: true); + return serverAuthCode == null + ? null + : ServerAuthorizationTokenData(serverAuthCode: serverAuthCode); } - @override - Future requestScopes(List scopes) { - return _api.requestScopes(scopes); + /// Authenticates with the platform credential manager using either the + /// button-initiated flow (useButtonFlow = true, nonButtonFlowOptions are + /// ignored), or the lightweight flow (useButtonFlow = false, + /// nonButtonFlowOptions are used to configure the request). + /// + /// See https://developer.android.com/identity/sign-in/credential-manager-siwg + /// for discussion of the two different flows + Future _authenticate({ + required bool useButtonFlow, + required _LightweightAuthenticationOptions nonButtonFlowOptions, + bool throwForNoAuth = false, + }) async { + final GetCredentialResult authnResult = await _hostApi.getCredential( + GetCredentialRequestParams( + useButtonFlow: useButtonFlow, + googleIdOptionParams: GetCredentialRequestGoogleIdOptionParams( + filterToAuthorized: nonButtonFlowOptions.filterToAuthorized, + autoSelectEnabled: nonButtonFlowOptions.autoSelectEnabled), + serverClientId: _serverClientId, + nonce: _nonce)); + switch (authnResult) { + case GetCredentialFailure(): + String? message = authnResult.message; + final GoogleSignInExceptionCode code; + switch (authnResult.type) { + case GetCredentialFailureType.noCredential: + if (throwForNoAuth) { + code = GoogleSignInExceptionCode.unknownError; + message = 'No credential available: $message'; + } else { + return null; + } + case GetCredentialFailureType.unexpectedCredentialType: + // This should not actually be possible in practice, so it is + // grouped under providerConfigurationError instead of given a + // distinct code. + code = GoogleSignInExceptionCode.providerConfigurationError; + message = 'Unexpected credential type: $message'; + case GetCredentialFailureType.interrupted: + code = GoogleSignInExceptionCode.interrupted; + case GetCredentialFailureType.providerConfigurationIssue: + code = GoogleSignInExceptionCode.providerConfigurationError; + case GetCredentialFailureType.unsupported: + code = GoogleSignInExceptionCode.providerConfigurationError; + message = 'Credential Manager not supported. $message'; + case GetCredentialFailureType.canceled: + code = GoogleSignInExceptionCode.canceled; + case GetCredentialFailureType.missingServerClientId: + code = GoogleSignInExceptionCode.clientConfigurationError; + message = 'serverClientId must be provided on Android'; + case GetCredentialFailureType.unknown: + code = GoogleSignInExceptionCode.unknownError; + } + throw GoogleSignInException( + code: code, description: message, details: authnResult.details); + case GetCredentialSuccess(): + return authnResult.credential; + } } - SignInType _signInTypeForOption(SignInOption option) { - switch (option) { - case SignInOption.standard: - return SignInType.standard; - case SignInOption.games: - return SignInType.games; + Future<({String? accessToken, String? serverAuthCode})> _authorize( + AuthorizationRequestDetails request, + {required bool requestOfflineAccess}) async { + final AuthorizeResult result = await _hostApi.authorize( + PlatformAuthorizationRequest( + scopes: request.scopes, + accountEmail: request.email, + hostedDomain: _hostedDomain, + serverClientIdForForcedRefreshToken: + requestOfflineAccess ? _serverClientId : null), + promptIfUnauthorized: request.promptIfUnauthorized); + switch (result) { + case AuthorizeFailure(): + String? message = result.message; + final GoogleSignInExceptionCode code; + switch (result.type) { + case AuthorizeFailureType.unauthorized: + // This indicates that there was no existing authorization and + // prompting wasn't allowed, so just return null. + return (accessToken: null, serverAuthCode: null); + case AuthorizeFailureType.pendingIntentException: + code = GoogleSignInExceptionCode.canceled; + case AuthorizeFailureType.authorizeFailure: + message = 'Authorization failed: $message'; + code = GoogleSignInExceptionCode.unknownError; + case AuthorizeFailureType.apiException: + message = 'SDK reported an exception: $message'; + code = GoogleSignInExceptionCode.unknownError; + case AuthorizeFailureType.noActivity: + code = GoogleSignInExceptionCode.uiUnavailable; + } + throw GoogleSignInException( + code: code, description: message, details: result.details); + case PlatformAuthorizationResult(): + final String? accessToken = result.accessToken; + if (accessToken == null) { + return (accessToken: null, serverAuthCode: null); + } + return ( + accessToken: accessToken, + serverAuthCode: result.serverAuthCode, + ); } - // Handle the case where a new type is added to the platform interface in - // the future, and this version of the package is used with it. - // ignore: dead_code - throw UnimplementedError('Unsupported sign in option: $option'); } - GoogleSignInUserData _signInUserDataFromChannelData(UserData data) { - return GoogleSignInUserData( - email: data.email, - id: data.id, - displayName: data.displayName, - photoUrl: data.photoUrl, - idToken: data.idToken, - serverAuthCode: data.serverAuthCode, + AuthenticationResults _authenticationResultFromPlatformCredential( + PlatformGoogleIdTokenCredential credential) { + // GoogleIdTokenCredential's ID field is documented to return the + // email address, not what the other platform SDKs call an ID. + // The account ID returned by other platform SDKs and the legacy + // Google Sign In for Android SDK is no longer directly exposed, so it + // need to be extracted from the token. See + // https://stackoverflow.com/a/78064720. + // The ID should always be availabe from the token, but if for some reason + // it can't be extracted, use the email address instead as a reasonable + // fallback method of identifying the account. + final String email = credential.id; + final String userId = _idFromIdToken(credential.idToken) ?? email; + + return AuthenticationResults( + user: GoogleSignInUserData( + email: email, + id: userId, + displayName: credential.displayName, + photoUrl: credential.profilePictureUri), + authenticationTokens: + AuthenticationTokenData(idToken: credential.idToken), ); } } + +/// A codec that can encode/decode JWT payloads. +/// +/// See https://www.rfc-editor.org/rfc/rfc7519#section-3 +final Codec _jwtCodec = json.fuse(utf8).fuse(base64); + +/// Extracts the user ID from an idToken. +/// +/// See https://stackoverflow.com/a/78064720 +String? _idFromIdToken(String idToken) { + final RegExp jwtTokenRegexp = RegExp( + r'^(?
[^\.\s]+)\.(?[^\.\s]+)\.(?[^\.\s]+)$'); + final RegExpMatch? match = jwtTokenRegexp.firstMatch(idToken); + final String? payload = match?.namedGroup('payload'); + if (payload != null) { + try { + final Map? contents = + _jwtCodec.decode(base64.normalize(payload)) as Map?; + if (contents != null) { + return contents['sub'] as String?; + } + } catch (_) { + return null; + } + } + return null; +} + +/// Options specific to authentication with the lightweight authentication +/// flow, rather than the explict user-requested login flow. +/// +/// These correspond to builder options specific to GetGoogleIdOption on the +/// platform side. +class _LightweightAuthenticationOptions { + _LightweightAuthenticationOptions({ + required this.filterToAuthorized, + required this.autoSelectEnabled, + }); + + /// If true, only allows selection of accounts that have already authorized + /// the app. + bool filterToAuthorized; + + /// If true, automatically selects an account if there is only one + /// authorized account and no additional user action is required. + bool autoSelectEnabled; +} diff --git a/packages/google_sign_in/google_sign_in_android/lib/src/messages.g.dart b/packages/google_sign_in/google_sign_in_android/lib/src/messages.g.dart index 610741deb7b..240e2a56b11 100644 --- a/packages/google_sign_in/google_sign_in_android/lib/src/messages.g.dart +++ b/packages/google_sign_in/google_sign_in_android/lib/src/messages.g.dart @@ -1,7 +1,7 @@ // Copyright 2013 The Flutter Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// Autogenerated from Pigeon (v24.2.0), do not edit directly. +// Autogenerated from Pigeon (v24.2.2), do not edit directly. // See also: https://pub.dev/packages/pigeon // ignore_for_file: public_member_api_docs, non_constant_identifier_names, avoid_as, unused_import, unnecessary_parenthesis, prefer_null_aware_operators, omit_local_variable_types, unused_shown_name, unnecessary_import, no_leading_underscores_for_local_identifiers @@ -18,114 +18,352 @@ PlatformException _createConnectionError(String channelName) { ); } -/// Pigeon version of SignInOption. -enum SignInType { - /// Default configuration. - standard, +enum GetCredentialFailureType { + /// Indicates that a credential was returned, but it was not of the expected + /// type. + unexpectedCredentialType, - /// Recommended configuration for game sign in. - games, + /// Indicates that a server client ID was not provided. + missingServerClientId, + + /// The request was internally interrupted. + interrupted, + + /// The request was canceled by the user. + canceled, + + /// No matching credential was found. + noCredential, + + /// The provider was not properly configured. + providerConfigurationIssue, + + /// The credential manager is not supported on this device. + unsupported, + + /// The request failed for an unknown reason. + unknown, +} + +enum AuthorizeFailureType { + /// Indicates that the requested types are not currently authorized. + /// + /// This is returned only if promptIfUnauthorized is false, indicating that + /// the user would need to be prompted for authorization. + unauthorized, + + /// Indicates that the call to AuthorizationClient.authorize itself failed. + authorizeFailure, + + /// Corresponds to SendIntentException, indicating that the pending intent is + /// no longer available. + pendingIntentException, + + /// Corresponds to an SendIntentException in onActivityResult, indicating that + /// either authorization failed, or the result was not available for some + /// reason. + apiException, + + /// Indicates that the user needs to be prompted for authorization, but there + /// is no current activity to prompt in. + noActivity, } -/// Pigeon version of SignInInitParams. +/// The information necessary to build a an authorization request. /// -/// See SignInInitParams for details. -class InitParams { - InitParams({ - this.scopes = const [], - this.signInType = SignInType.standard, +/// Corresponds to the native AuthorizationRequest object, but only contains +/// the fields used by this plugin. +class PlatformAuthorizationRequest { + PlatformAuthorizationRequest({ + required this.scopes, this.hostedDomain, - this.clientId, - this.serverClientId, - this.forceCodeForRefreshToken = false, - this.forceAccountName, + this.accountEmail, + this.serverClientIdForForcedRefreshToken, }); List scopes; - SignInType signInType; - String? hostedDomain; - String? clientId; - - String? serverClientId; + String? accountEmail; - bool forceCodeForRefreshToken; - - String? forceAccountName; + /// If set, adds a call to requestOfflineAccess(this string, true); + String? serverClientIdForForcedRefreshToken; Object encode() { return [ scopes, - signInType, hostedDomain, - clientId, - serverClientId, - forceCodeForRefreshToken, - forceAccountName, + accountEmail, + serverClientIdForForcedRefreshToken, ]; } - static InitParams decode(Object result) { + static PlatformAuthorizationRequest decode(Object result) { result as List; - return InitParams( + return PlatformAuthorizationRequest( scopes: (result[0] as List?)!.cast(), - signInType: result[1]! as SignInType, - hostedDomain: result[2] as String?, - clientId: result[3] as String?, - serverClientId: result[4] as String?, - forceCodeForRefreshToken: result[5]! as bool, - forceAccountName: result[6] as String?, + hostedDomain: result[1] as String?, + accountEmail: result[2] as String?, + serverClientIdForForcedRefreshToken: result[3] as String?, ); } } -/// Pigeon version of GoogleSignInUserData. +/// The information necessary to build a credential request. /// -/// See GoogleSignInUserData for details. -class UserData { - UserData({ +/// Combines the parts of the native GetCredentialRequest and CredentialOption +/// classes that are used for this plugin. +class GetCredentialRequestParams { + GetCredentialRequestParams({ + required this.useButtonFlow, + required this.googleIdOptionParams, + this.serverClientId, + this.nonce, + }); + + /// Whether to use the Sign in with Google button flow + /// (GetSignInWithGoogleOption), corresponding to an explicit sign-in request, + /// or not (GetGoogleIdOption), corresponding to an implicit potential + /// sign-in. + bool useButtonFlow; + + /// Parameters specific to GetGoogleIdOption. + /// + /// Ignored if useButtonFlow is true. + GetCredentialRequestGoogleIdOptionParams googleIdOptionParams; + + String? serverClientId; + + String? nonce; + + Object encode() { + return [ + useButtonFlow, + googleIdOptionParams, + serverClientId, + nonce, + ]; + } + + static GetCredentialRequestParams decode(Object result) { + result as List; + return GetCredentialRequestParams( + useButtonFlow: result[0]! as bool, + googleIdOptionParams: + result[1]! as GetCredentialRequestGoogleIdOptionParams, + serverClientId: result[2] as String?, + nonce: result[3] as String?, + ); + } +} + +class GetCredentialRequestGoogleIdOptionParams { + GetCredentialRequestGoogleIdOptionParams({ + required this.filterToAuthorized, + required this.autoSelectEnabled, + }); + + bool filterToAuthorized; + + bool autoSelectEnabled; + + Object encode() { + return [ + filterToAuthorized, + autoSelectEnabled, + ]; + } + + static GetCredentialRequestGoogleIdOptionParams decode(Object result) { + result as List; + return GetCredentialRequestGoogleIdOptionParams( + filterToAuthorized: result[0]! as bool, + autoSelectEnabled: result[1]! as bool, + ); + } +} + +/// Pigeon equivalent of the native GoogleIdTokenCredential. +class PlatformGoogleIdTokenCredential { + PlatformGoogleIdTokenCredential({ this.displayName, - required this.email, + this.familyName, + this.givenName, required this.id, - this.photoUrl, - this.idToken, - this.serverAuthCode, + required this.idToken, + this.profilePictureUri, }); String? displayName; - String email; + String? familyName; - String id; + String? givenName; - String? photoUrl; + String id; - String? idToken; + String idToken; - String? serverAuthCode; + String? profilePictureUri; Object encode() { return [ displayName, - email, + familyName, + givenName, id, - photoUrl, idToken, - serverAuthCode, + profilePictureUri, ]; } - static UserData decode(Object result) { + static PlatformGoogleIdTokenCredential decode(Object result) { result as List; - return UserData( + return PlatformGoogleIdTokenCredential( displayName: result[0] as String?, - email: result[1]! as String, - id: result[2]! as String, - photoUrl: result[3] as String?, - idToken: result[4] as String?, - serverAuthCode: result[5] as String?, + familyName: result[1] as String?, + givenName: result[2] as String?, + id: result[3]! as String, + idToken: result[4]! as String, + profilePictureUri: result[5] as String?, + ); + } +} + +/// The response from a `getCredential` call. +/// +/// This is not the same as a native GetCredentialResponse since modeling the +/// response type hierarchy and two-part callback in this interface layer would +/// add a lot of complexity that is not needed for the plugin's use case. It is +/// instead a processed version of the results of those callbacks. +sealed class GetCredentialResult {} + +/// An authentication failure. +class GetCredentialFailure extends GetCredentialResult { + GetCredentialFailure({ + required this.type, + this.message, + this.details, + }); + + /// The type of failure. + GetCredentialFailureType type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + String? details; + + Object encode() { + return [ + type, + message, + details, + ]; + } + + static GetCredentialFailure decode(Object result) { + result as List; + return GetCredentialFailure( + type: result[0]! as GetCredentialFailureType, + message: result[1] as String?, + details: result[2] as String?, + ); + } +} + +/// A successful authentication result. +class GetCredentialSuccess extends GetCredentialResult { + GetCredentialSuccess({ + required this.credential, + }); + + PlatformGoogleIdTokenCredential credential; + + Object encode() { + return [ + credential, + ]; + } + + static GetCredentialSuccess decode(Object result) { + result as List; + return GetCredentialSuccess( + credential: result[0]! as PlatformGoogleIdTokenCredential, + ); + } +} + +/// The response from an `authorize` call. +sealed class AuthorizeResult {} + +/// An authorization failure +class AuthorizeFailure extends AuthorizeResult { + AuthorizeFailure({ + required this.type, + this.message, + this.details, + }); + + /// The type of failure. + AuthorizeFailureType type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + String? details; + + Object encode() { + return [ + type, + message, + details, + ]; + } + + static AuthorizeFailure decode(Object result) { + result as List; + return AuthorizeFailure( + type: result[0]! as AuthorizeFailureType, + message: result[1] as String?, + details: result[2] as String?, + ); + } +} + +/// A successful authorization result. +/// +/// Corresponds to a native AuthorizationResult. +class PlatformAuthorizationResult extends AuthorizeResult { + PlatformAuthorizationResult({ + this.accessToken, + this.serverAuthCode, + required this.grantedScopes, + }); + + String? accessToken; + + String? serverAuthCode; + + List grantedScopes; + + Object encode() { + return [ + accessToken, + serverAuthCode, + grantedScopes, + ]; + } + + static PlatformAuthorizationResult decode(Object result) { + result as List; + return PlatformAuthorizationResult( + accessToken: result[0] as String?, + serverAuthCode: result[1] as String?, + grantedScopes: (result[2] as List?)!.cast(), ); } } @@ -137,15 +375,36 @@ class _PigeonCodec extends StandardMessageCodec { if (value is int) { buffer.putUint8(4); buffer.putInt64(value); - } else if (value is SignInType) { + } else if (value is GetCredentialFailureType) { buffer.putUint8(129); writeValue(buffer, value.index); - } else if (value is InitParams) { + } else if (value is AuthorizeFailureType) { buffer.putUint8(130); - writeValue(buffer, value.encode()); - } else if (value is UserData) { + writeValue(buffer, value.index); + } else if (value is PlatformAuthorizationRequest) { buffer.putUint8(131); writeValue(buffer, value.encode()); + } else if (value is GetCredentialRequestParams) { + buffer.putUint8(132); + writeValue(buffer, value.encode()); + } else if (value is GetCredentialRequestGoogleIdOptionParams) { + buffer.putUint8(133); + writeValue(buffer, value.encode()); + } else if (value is PlatformGoogleIdTokenCredential) { + buffer.putUint8(134); + writeValue(buffer, value.encode()); + } else if (value is GetCredentialFailure) { + buffer.putUint8(135); + writeValue(buffer, value.encode()); + } else if (value is GetCredentialSuccess) { + buffer.putUint8(136); + writeValue(buffer, value.encode()); + } else if (value is AuthorizeFailure) { + buffer.putUint8(137); + writeValue(buffer, value.encode()); + } else if (value is PlatformAuthorizationResult) { + buffer.putUint8(138); + writeValue(buffer, value.encode()); } else { super.writeValue(buffer, value); } @@ -156,11 +415,27 @@ class _PigeonCodec extends StandardMessageCodec { switch (type) { case 129: final int? value = readValue(buffer) as int?; - return value == null ? null : SignInType.values[value]; + return value == null ? null : GetCredentialFailureType.values[value]; case 130: - return InitParams.decode(readValue(buffer)!); + final int? value = readValue(buffer) as int?; + return value == null ? null : AuthorizeFailureType.values[value]; case 131: - return UserData.decode(readValue(buffer)!); + return PlatformAuthorizationRequest.decode(readValue(buffer)!); + case 132: + return GetCredentialRequestParams.decode(readValue(buffer)!); + case 133: + return GetCredentialRequestGoogleIdOptionParams.decode( + readValue(buffer)!); + case 134: + return PlatformGoogleIdTokenCredential.decode(readValue(buffer)!); + case 135: + return GetCredentialFailure.decode(readValue(buffer)!); + case 136: + return GetCredentialSuccess.decode(readValue(buffer)!); + case 137: + return AuthorizeFailure.decode(readValue(buffer)!); + case 138: + return PlatformAuthorizationResult.decode(readValue(buffer)!); default: return super.readValueOfType(type, buffer); } @@ -182,73 +457,20 @@ class GoogleSignInApi { final String pigeonVar_messageChannelSuffix; - /// Initializes a sign in request with the given parameters. - Future init(InitParams params) async { - final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.init$pigeonVar_messageChannelSuffix'; - final BasicMessageChannel pigeonVar_channel = - BasicMessageChannel( - pigeonVar_channelName, - pigeonChannelCodec, - binaryMessenger: pigeonVar_binaryMessenger, - ); - final List? pigeonVar_replyList = - await pigeonVar_channel.send([params]) as List?; - if (pigeonVar_replyList == null) { - throw _createConnectionError(pigeonVar_channelName); - } else if (pigeonVar_replyList.length > 1) { - throw PlatformException( - code: pigeonVar_replyList[0]! as String, - message: pigeonVar_replyList[1] as String?, - details: pigeonVar_replyList[2], - ); - } else { - return; - } - } - - /// Starts a silent sign in. - Future signInSilently() async { - final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signInSilently$pigeonVar_messageChannelSuffix'; - final BasicMessageChannel pigeonVar_channel = - BasicMessageChannel( - pigeonVar_channelName, - pigeonChannelCodec, - binaryMessenger: pigeonVar_binaryMessenger, - ); - final List? pigeonVar_replyList = - await pigeonVar_channel.send(null) as List?; - if (pigeonVar_replyList == null) { - throw _createConnectionError(pigeonVar_channelName); - } else if (pigeonVar_replyList.length > 1) { - throw PlatformException( - code: pigeonVar_replyList[0]! as String, - message: pigeonVar_replyList[1] as String?, - details: pigeonVar_replyList[2], - ); - } else if (pigeonVar_replyList[0] == null) { - throw PlatformException( - code: 'null-error', - message: 'Host platform returned null value for non-null return value.', - ); - } else { - return (pigeonVar_replyList[0] as UserData?)!; - } - } - - /// Starts a sign in with user interaction. - Future signIn() async { + /// Returns the server client ID parsed from google-services.json by the + /// google-services Gradle script, if any. + Future getGoogleServicesJsonServerClientId() async { final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signIn$pigeonVar_messageChannelSuffix'; + 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getGoogleServicesJsonServerClientId$pigeonVar_messageChannelSuffix'; final BasicMessageChannel pigeonVar_channel = BasicMessageChannel( pigeonVar_channelName, pigeonChannelCodec, binaryMessenger: pigeonVar_binaryMessenger, ); + final Future pigeonVar_sendFuture = pigeonVar_channel.send(null); final List? pigeonVar_replyList = - await pigeonVar_channel.send(null) as List?; + await pigeonVar_sendFuture as List?; if (pigeonVar_replyList == null) { throw _createConnectionError(pigeonVar_channelName); } else if (pigeonVar_replyList.length > 1) { @@ -257,108 +479,27 @@ class GoogleSignInApi { message: pigeonVar_replyList[1] as String?, details: pigeonVar_replyList[2], ); - } else if (pigeonVar_replyList[0] == null) { - throw PlatformException( - code: 'null-error', - message: 'Host platform returned null value for non-null return value.', - ); } else { - return (pigeonVar_replyList[0] as UserData?)!; - } - } - - /// Requests the access token for the current sign in. - Future getAccessToken(String email, bool shouldRecoverAuth) async { - final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getAccessToken$pigeonVar_messageChannelSuffix'; - final BasicMessageChannel pigeonVar_channel = - BasicMessageChannel( - pigeonVar_channelName, - pigeonChannelCodec, - binaryMessenger: pigeonVar_binaryMessenger, - ); - final List? pigeonVar_replyList = await pigeonVar_channel - .send([email, shouldRecoverAuth]) as List?; - if (pigeonVar_replyList == null) { - throw _createConnectionError(pigeonVar_channelName); - } else if (pigeonVar_replyList.length > 1) { - throw PlatformException( - code: pigeonVar_replyList[0]! as String, - message: pigeonVar_replyList[1] as String?, - details: pigeonVar_replyList[2], - ); - } else if (pigeonVar_replyList[0] == null) { - throw PlatformException( - code: 'null-error', - message: 'Host platform returned null value for non-null return value.', - ); - } else { - return (pigeonVar_replyList[0] as String?)!; - } - } - - /// Signs out the current user. - Future signOut() async { - final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.signOut$pigeonVar_messageChannelSuffix'; - final BasicMessageChannel pigeonVar_channel = - BasicMessageChannel( - pigeonVar_channelName, - pigeonChannelCodec, - binaryMessenger: pigeonVar_binaryMessenger, - ); - final List? pigeonVar_replyList = - await pigeonVar_channel.send(null) as List?; - if (pigeonVar_replyList == null) { - throw _createConnectionError(pigeonVar_channelName); - } else if (pigeonVar_replyList.length > 1) { - throw PlatformException( - code: pigeonVar_replyList[0]! as String, - message: pigeonVar_replyList[1] as String?, - details: pigeonVar_replyList[2], - ); - } else { - return; - } - } - - /// Revokes scope grants to the application. - Future disconnect() async { - final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.disconnect$pigeonVar_messageChannelSuffix'; - final BasicMessageChannel pigeonVar_channel = - BasicMessageChannel( - pigeonVar_channelName, - pigeonChannelCodec, - binaryMessenger: pigeonVar_binaryMessenger, - ); - final List? pigeonVar_replyList = - await pigeonVar_channel.send(null) as List?; - if (pigeonVar_replyList == null) { - throw _createConnectionError(pigeonVar_channelName); - } else if (pigeonVar_replyList.length > 1) { - throw PlatformException( - code: pigeonVar_replyList[0]! as String, - message: pigeonVar_replyList[1] as String?, - details: pigeonVar_replyList[2], - ); - } else { - return; + return (pigeonVar_replyList[0] as String?); } } - /// Returns whether the user is currently signed in. - Future isSignedIn() async { + /// Requests an authentication credential (sign in) via CredentialManager's + /// getCredential. + Future getCredential( + GetCredentialRequestParams params) async { final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.isSignedIn$pigeonVar_messageChannelSuffix'; + 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.getCredential$pigeonVar_messageChannelSuffix'; final BasicMessageChannel pigeonVar_channel = BasicMessageChannel( pigeonVar_channelName, pigeonChannelCodec, binaryMessenger: pigeonVar_binaryMessenger, ); + final Future pigeonVar_sendFuture = + pigeonVar_channel.send([params]); final List? pigeonVar_replyList = - await pigeonVar_channel.send(null) as List?; + await pigeonVar_sendFuture as List?; if (pigeonVar_replyList == null) { throw _createConnectionError(pigeonVar_channelName); } else if (pigeonVar_replyList.length > 1) { @@ -373,23 +514,23 @@ class GoogleSignInApi { message: 'Host platform returned null value for non-null return value.', ); } else { - return (pigeonVar_replyList[0] as bool?)!; + return (pigeonVar_replyList[0] as GetCredentialResult?)!; } } - /// Clears the authentication caching for the given token, requiring a - /// new sign in. - Future clearAuthCache(String token) async { + /// Clears CredentialManager credential state. + Future clearCredentialState() async { final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.clearAuthCache$pigeonVar_messageChannelSuffix'; + 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.clearCredentialState$pigeonVar_messageChannelSuffix'; final BasicMessageChannel pigeonVar_channel = BasicMessageChannel( pigeonVar_channelName, pigeonChannelCodec, binaryMessenger: pigeonVar_binaryMessenger, ); + final Future pigeonVar_sendFuture = pigeonVar_channel.send(null); final List? pigeonVar_replyList = - await pigeonVar_channel.send([token]) as List?; + await pigeonVar_sendFuture as List?; if (pigeonVar_replyList == null) { throw _createConnectionError(pigeonVar_channelName); } else if (pigeonVar_replyList.length > 1) { @@ -403,18 +544,21 @@ class GoogleSignInApi { } } - /// Requests access to the given scopes. - Future requestScopes(List scopes) async { + /// Requests authorization tokens via AuthorizationClient. + Future authorize(PlatformAuthorizationRequest params, + {required bool promptIfUnauthorized}) async { final String pigeonVar_channelName = - 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.requestScopes$pigeonVar_messageChannelSuffix'; + 'dev.flutter.pigeon.google_sign_in_android.GoogleSignInApi.authorize$pigeonVar_messageChannelSuffix'; final BasicMessageChannel pigeonVar_channel = BasicMessageChannel( pigeonVar_channelName, pigeonChannelCodec, binaryMessenger: pigeonVar_binaryMessenger, ); + final Future pigeonVar_sendFuture = + pigeonVar_channel.send([params, promptIfUnauthorized]); final List? pigeonVar_replyList = - await pigeonVar_channel.send([scopes]) as List?; + await pigeonVar_sendFuture as List?; if (pigeonVar_replyList == null) { throw _createConnectionError(pigeonVar_channelName); } else if (pigeonVar_replyList.length > 1) { @@ -429,7 +573,7 @@ class GoogleSignInApi { message: 'Host platform returned null value for non-null return value.', ); } else { - return (pigeonVar_replyList[0] as bool?)!; + return (pigeonVar_replyList[0] as AuthorizeResult?)!; } } } diff --git a/packages/google_sign_in/google_sign_in_android/pigeons/messages.dart b/packages/google_sign_in/google_sign_in_android/pigeons/messages.dart index cdb92ea3337..b7cdd267a7e 100644 --- a/packages/google_sign_in/google_sign_in_android/pigeons/messages.dart +++ b/packages/google_sign_in/google_sign_in_android/pigeons/messages.dart @@ -6,101 +6,191 @@ import 'package:pigeon/pigeon.dart'; @ConfigurePigeon(PigeonOptions( dartOut: 'lib/src/messages.g.dart', - javaOut: - 'android/src/main/java/io/flutter/plugins/googlesignin/Messages.java', - javaOptions: JavaOptions(package: 'io.flutter.plugins.googlesignin'), + kotlinOut: + 'android/src/main/kotlin/io/flutter/plugins/googlesignin/Messages.kt', + kotlinOptions: KotlinOptions(package: 'io.flutter.plugins.googlesignin'), copyrightHeader: 'pigeons/copyright.txt', )) -/// Pigeon version of SignInOption. -enum SignInType { - /// Default configuration. - standard, - - /// Recommended configuration for game sign in. - games, +/// The information necessary to build a an authorization request. +/// +/// Corresponds to the native AuthorizationRequest object, but only contains +/// the fields used by this plugin. +class PlatformAuthorizationRequest { + PlatformAuthorizationRequest({required this.scopes, this.hostedDomain}); + List scopes; + String? hostedDomain; + String? accountEmail; + + /// If set, adds a call to requestOfflineAccess(this string, true); + String? serverClientIdForForcedRefreshToken; } -/// Pigeon version of SignInInitParams. +/// The information necessary to build a credential request. /// -/// See SignInInitParams for details. -class InitParams { - /// The parameters to use when initializing the sign in process. - const InitParams({ - this.scopes = const [], - this.signInType = SignInType.standard, - this.hostedDomain, - this.clientId, +/// Combines the parts of the native GetCredentialRequest and CredentialOption +/// classes that are used for this plugin. +class GetCredentialRequestParams { + GetCredentialRequestParams({ + required this.useButtonFlow, + required this.googleIdOptionParams, this.serverClientId, - this.forceCodeForRefreshToken = false, - this.forceAccountName, + this.nonce, }); - final List scopes; - final SignInType signInType; - final String? hostedDomain; - final String? clientId; - final String? serverClientId; - final bool forceCodeForRefreshToken; - final String? forceAccountName; + /// Whether to use the Sign in with Google button flow + /// (GetSignInWithGoogleOption), corresponding to an explicit sign-in request, + /// or not (GetGoogleIdOption), corresponding to an implicit potential + /// sign-in. + bool useButtonFlow; + + /// Parameters specific to GetGoogleIdOption. + /// + /// Ignored if useButtonFlow is true. + GetCredentialRequestGoogleIdOptionParams googleIdOptionParams; + + String? serverClientId; + String? nonce; } -/// Pigeon version of GoogleSignInUserData. -/// -/// See GoogleSignInUserData for details. -class UserData { - UserData({ - required this.email, - required this.id, - this.displayName, - this.photoUrl, - this.idToken, - this.serverAuthCode, +class GetCredentialRequestGoogleIdOptionParams { + GetCredentialRequestGoogleIdOptionParams({ + required this.filterToAuthorized, + required this.autoSelectEnabled, }); - final String? displayName; - final String email; - final String id; - final String? photoUrl; - final String? idToken; - final String? serverAuthCode; + bool filterToAuthorized; + bool autoSelectEnabled; } -@HostApi() -abstract class GoogleSignInApi { - /// Initializes a sign in request with the given parameters. - void init(InitParams params); +/// Pigeon equivalent of the native GoogleIdTokenCredential. +class PlatformGoogleIdTokenCredential { + String? displayName; + String? familyName; + String? givenName; + late String id; + late String idToken; + String? profilePictureUri; +} - /// Starts a silent sign in. - @async - UserData signInSilently(); +enum GetCredentialFailureType { + /// Indicates that a credential was returned, but it was not of the expected + /// type. + unexpectedCredentialType, - /// Starts a sign in with user interaction. - @async - UserData signIn(); + /// Indicates that a server client ID was not provided. + missingServerClientId, - /// Requests the access token for the current sign in. - @async - @TaskQueue(type: TaskQueueType.serialBackgroundThread) - String getAccessToken(String email, bool shouldRecoverAuth); + // Types from https://developer.android.com/reference/android/credentials/GetCredentialException + /// The request was internally interrupted. + interrupted, - /// Signs out the current user. - @async - void signOut(); + /// The request was canceled by the user. + canceled, - /// Revokes scope grants to the application. - @async - void disconnect(); + /// No matching credential was found. + noCredential, + + /// The provider was not properly configured. + providerConfigurationIssue, + + /// The credential manager is not supported on this device. + unsupported, + + /// The request failed for an unknown reason. + unknown, +} - /// Returns whether the user is currently signed in. - bool isSignedIn(); +/// The response from a `getCredential` call. +/// +/// This is not the same as a native GetCredentialResponse since modeling the +/// response type hierarchy and two-part callback in this interface layer would +/// add a lot of complexity that is not needed for the plugin's use case. It is +/// instead a processed version of the results of those callbacks. +sealed class GetCredentialResult {} + +/// An authentication failure. +class GetCredentialFailure extends GetCredentialResult { + /// The type of failure. + late GetCredentialFailureType type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + String? details; +} + +/// A successful authentication result. +class GetCredentialSuccess extends GetCredentialResult { + late PlatformGoogleIdTokenCredential credential; +} - /// Clears the authentication caching for the given token, requiring a - /// new sign in. - @TaskQueue(type: TaskQueueType.serialBackgroundThread) - void clearAuthCache(String token); +enum AuthorizeFailureType { + /// Indicates that the requested types are not currently authorized. + /// + /// This is returned only if promptIfUnauthorized is false, indicating that + /// the user would need to be prompted for authorization. + unauthorized, + + /// Indicates that the call to AuthorizationClient.authorize itself failed. + authorizeFailure, + + /// Corresponds to SendIntentException, indicating that the pending intent is + /// no longer available. + pendingIntentException, + + /// Corresponds to an SendIntentException in onActivityResult, indicating that + /// either authorization failed, or the result was not available for some + /// reason. + apiException, + + /// Indicates that the user needs to be prompted for authorization, but there + /// is no current activity to prompt in. + noActivity, +} + +/// The response from an `authorize` call. +sealed class AuthorizeResult {} + +/// An authorization failure +class AuthorizeFailure extends AuthorizeResult { + /// The type of failure. + late AuthorizeFailureType type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + String? details; +} + +/// A successful authorization result. +/// +/// Corresponds to a native AuthorizationResult. +class PlatformAuthorizationResult extends AuthorizeResult { + String? accessToken; + String? serverAuthCode; + late List grantedScopes; +} + +@HostApi() +abstract class GoogleSignInApi { + /// Returns the server client ID parsed from google-services.json by the + /// google-services Gradle script, if any. + String? getGoogleServicesJsonServerClientId(); + + /// Requests an authentication credential (sign in) via CredentialManager's + /// getCredential. + @async + GetCredentialResult getCredential(GetCredentialRequestParams params); + + /// Clears CredentialManager credential state. + @async + void clearCredentialState(); - /// Requests access to the given scopes. + /// Requests authorization tokens via AuthorizationClient. @async - bool requestScopes(List scopes); + AuthorizeResult authorize(PlatformAuthorizationRequest params, + {required bool promptIfUnauthorized}); } diff --git a/packages/google_sign_in/google_sign_in_android/pubspec.yaml b/packages/google_sign_in/google_sign_in_android/pubspec.yaml index 05197dda1f0..2ddf590bbcb 100644 --- a/packages/google_sign_in/google_sign_in_android/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_android/pubspec.yaml @@ -2,7 +2,7 @@ name: google_sign_in_android description: Android implementation of the google_sign_in plugin. repository: https://github.com/flutter/packages/tree/main/packages/google_sign_in/google_sign_in_android issue_tracker: https://github.com/flutter/flutter/issues?q=is%3Aissue+is%3Aopen+label%3A%22p%3A+google_sign_in%22 -version: 6.2.1 +version: 7.0.0 environment: sdk: ^3.6.0 @@ -20,7 +20,7 @@ flutter: dependencies: flutter: sdk: flutter - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 dev_dependencies: build_runner: ^2.3.0 diff --git a/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.dart b/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.dart index 20cfb6a746e..44850e69c3e 100644 --- a/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.dart +++ b/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.dart @@ -2,7 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -import 'package:flutter/services.dart'; +import 'dart:convert'; + import 'package:flutter_test/flutter_test.dart'; import 'package:google_sign_in_android/google_sign_in_android.dart'; import 'package:google_sign_in_android/src/messages.g.dart'; @@ -12,28 +13,36 @@ import 'package:mockito/mockito.dart'; import 'google_sign_in_android_test.mocks.dart'; -final GoogleSignInUserData _user = GoogleSignInUserData( +const GoogleSignInUserData _testUser = GoogleSignInUserData( email: 'john.doe@gmail.com', id: '8162538176523816253123', photoUrl: 'https://lh5.googleusercontent.com/photo.jpg', displayName: 'John Doe', - idToken: '123', - serverAuthCode: '789', ); -final GoogleSignInTokenData _token = GoogleSignInTokenData( - accessToken: '456', +final AuthenticationTokenData _testAuthnToken = AuthenticationTokenData( + // This is just real enough to test the id-from-idToken extraction logic, with + // the middle (payload) section having an actual base-64 encoded JSON + // dictionary with only the "sub":"id" entry needed by the plugin code. + idToken: 'header.${base64UrlEncode(JsonUtf8Encoder().convert( + {'sub': _testUser.id}, + ))}.signatune', ); -@GenerateMocks([GoogleSignInApi]) +@GenerateNiceMocks(>[MockSpec()]) void main() { TestWidgetsFlutterBinding.ensureInitialized(); late GoogleSignInAndroid googleSignIn; - late MockGoogleSignInApi api; + late MockGoogleSignInApi mockApi; setUp(() { - api = MockGoogleSignInApi(); - googleSignIn = GoogleSignInAndroid(api: api); + mockApi = MockGoogleSignInApi(); + googleSignIn = GoogleSignInAndroid(api: mockApi); + + provideDummy(GetCredentialSuccess( + credential: PlatformGoogleIdTokenCredential(id: '', idToken: ''))); + provideDummy( + PlatformAuthorizationResult(grantedScopes: [])); }); test('registered instance', () { @@ -41,163 +50,645 @@ void main() { expect(GoogleSignInPlatform.instance, isA()); }); - test('signInSilently transforms platform data to GoogleSignInUserData', - () async { - when(api.signInSilently()).thenAnswer((_) async => UserData( - email: _user.email, - id: _user.id, - photoUrl: _user.photoUrl, - displayName: _user.displayName, - idToken: _user.idToken, - serverAuthCode: _user.serverAuthCode, - )); - - final dynamic response = await googleSignIn.signInSilently(); - - expect(response, _user); - }); - - test('signInSilently Exceptions -> throws', () async { - when(api.signInSilently()) - .thenAnswer((_) async => throw PlatformException(code: 'fail')); - - expect(googleSignIn.signInSilently(), - throwsA(isInstanceOf())); - }); - - test('signIn transforms platform data to GoogleSignInUserData', () async { - when(api.signIn()).thenAnswer((_) async => UserData( - email: _user.email, - id: _user.id, - photoUrl: _user.photoUrl, - displayName: _user.displayName, - idToken: _user.idToken, - serverAuthCode: _user.serverAuthCode, - )); - - final dynamic response = await googleSignIn.signIn(); + group('support queries', () { + test('reports support for authenticate', () { + expect(googleSignIn.supportsAuthenticate(), true); + }); - expect(response, _user); + test('reports no requirement for user interaction to authorize', () { + expect(googleSignIn.authorizationRequiresUserInteraction(), false); + }); }); - test('signIn Exceptions -> throws', () async { - when(api.signIn()) - .thenAnswer((_) async => throw PlatformException(code: 'fail')); - - expect(googleSignIn.signIn(), throwsA(isInstanceOf())); + group('attemptLightweightAuthentication', () { + test('passes explicit server client ID', () async { + const String serverClientId = 'aServerClient'; + + await googleSignIn + .init(const InitParameters(serverClientId: serverClientId)); + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + verifyNever(mockApi.getGoogleServicesJsonServerClientId()); + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.serverClientId, serverClientId); + }); + + test('passes JSON server client ID if not overridden', () async { + const String serverClientId = 'aServerClient'; + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => serverClientId); + + // Passing no server client ID should cause it to be queried via + // getGoogleServicesJsonServerClientId(). + await googleSignIn.init(const InitParameters()); + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + verify(mockApi.getGoogleServicesJsonServerClientId()); + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.serverClientId, serverClientId); + }); + + test('passes nonce if provided', () async { + const String nonce = 'nonce'; + + await googleSignIn + .init(const InitParameters(nonce: nonce, serverClientId: 'id')); + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.nonce, nonce); + }); + + test('passes success data to caller', () async { + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialSuccess( + credential: PlatformGoogleIdTokenCredential( + displayName: _testUser.displayName, + profilePictureUri: _testUser.photoUrl, + id: _testUser.email, + idToken: _testAuthnToken.idToken!))); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + final AuthenticationResults? result = + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + expect(result?.user, _testUser); + expect(result?.authenticationTokens, _testAuthnToken); + }); + + test('returns null for missing auth', () async { + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.noCredential)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + final AuthenticationResults? result = + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + expect(result, null); + }); }); - test('getTokens transforms platform data to GoogleSignInTokenData', () async { - const bool recoverAuth = false; - when(api.getAccessToken(_user.email, recoverAuth)) - .thenAnswer((_) async => _token.accessToken!); - - final GoogleSignInTokenData response = await googleSignIn.getTokens( - email: _user.email, shouldRecoverAuth: recoverAuth); - - expect(response, _token); + group('authenticate', () { + test('passes explicit server client ID', () async { + const String serverClientId = 'aServerClient'; + + await googleSignIn + .init(const InitParameters(serverClientId: serverClientId)); + await googleSignIn.authenticate(const AuthenticateParameters()); + + verifyNever(mockApi.getGoogleServicesJsonServerClientId()); + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.serverClientId, serverClientId); + }); + + test('passes JSON server client ID if not overridden', () async { + const String serverClientId = 'aServerClient'; + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => serverClientId); + + // Passing no server client ID should cause it to be queried via + // getGoogleServicesJsonServerClientId(). + await googleSignIn.init(const InitParameters()); + await googleSignIn.authenticate(const AuthenticateParameters()); + + verify(mockApi.getGoogleServicesJsonServerClientId()); + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.serverClientId, serverClientId); + }); + + test('passes nonce if provided', () async { + const String nonce = 'nonce'; + + await googleSignIn.init(const InitParameters(nonce: nonce)); + await googleSignIn.authenticate(const AuthenticateParameters()); + + final VerificationResult verification = + verify(mockApi.getCredential(captureAny)); + final GetCredentialRequestParams hostParams = + verification.captured[0] as GetCredentialRequestParams; + expect(hostParams.nonce, nonce); + }); + + test('passes success data to caller', () async { + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialSuccess( + credential: PlatformGoogleIdTokenCredential( + displayName: _testUser.displayName, + profilePictureUri: _testUser.photoUrl, + id: _testUser.email, + idToken: _testAuthnToken.idToken!))); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + final AuthenticationResults result = + await googleSignIn.authenticate(const AuthenticateParameters()); + + expect(result.user, _testUser); + expect(result.authenticationTokens, _testAuthnToken); + }); + + test('throws unknown for missing auth', () async { + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.noCredential)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); + + test('throws client configuration error for missing server client ID', + () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure( + type: GetCredentialFailureType.missingServerClientId)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.clientConfigurationError) + .having((GoogleSignInException e) => e.description, 'description', + contains('serverClientId must be provided')))); + }); + + test('throws provider configuration error for wrong credential type', + () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure( + type: GetCredentialFailureType.unexpectedCredentialType)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.providerConfigurationError) + .having((GoogleSignInException e) => e.description, 'description', + contains('Unexpected credential type')))); + }); + + test( + 'throws provider configuration error if device does not ' + 'support Credential Manager', () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.unsupported)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.providerConfigurationError) + .having((GoogleSignInException e) => e.description, 'description', + contains('Credential Manager not supported')))); + }); + + test( + 'throws provider configuration error for SDK-reported ' + 'provider configuration error', () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure( + type: GetCredentialFailureType.providerConfigurationIssue)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.providerConfigurationError))); + }); + + test('throws interrupted from SDK', () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.interrupted)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.interrupted))); + }); + + test('throws canceled from SDK', () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.canceled)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws unknown from SDK', () async { + when(mockApi.getGoogleServicesJsonServerClientId()) + .thenAnswer((_) async => null); + when(mockApi.getCredential(any)).thenAnswer((_) async => + GetCredentialFailure(type: GetCredentialFailureType.unknown)); + + await googleSignIn.init(const InitParameters()); + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); }); - test('getTokens will not pass null for shouldRecoverAuth', () async { - when(api.getAccessToken(_user.email, true)) - .thenAnswer((_) async => _token.accessToken!); - - final GoogleSignInTokenData response = await googleSignIn.getTokens( - email: _user.email, shouldRecoverAuth: null); - - expect(response, _token); - }); - - test('initWithParams passes arguments', () async { - const SignInInitParameters initParams = SignInInitParameters( - hostedDomain: 'example.com', - scopes: ['two', 'scopes'], - signInOption: SignInOption.games, - clientId: 'fakeClientId', - ); - - await googleSignIn.init( - hostedDomain: initParams.hostedDomain, - scopes: initParams.scopes, - signInOption: initParams.signInOption, - clientId: initParams.clientId, + group('clientAuthorizationTokensForScopes', () { + // Request details used when the details of the request are not relevant to + // the test. + const AuthorizationRequestDetails defaultAuthRequest = + AuthorizationRequestDetails( + scopes: ['a'], + userId: null, + email: null, + promptIfUnauthorized: false, ); - final VerificationResult result = verify(api.init(captureAny)); - final InitParams passedParams = result.captured[0] as InitParams; - expect(passedParams.hostedDomain, initParams.hostedDomain); - expect(passedParams.scopes, initParams.scopes); - expect(passedParams.signInType, SignInType.games); - expect(passedParams.clientId, initParams.clientId); - // These should use whatever the SignInInitParameters defaults are. - expect(passedParams.serverClientId, initParams.serverClientId); - expect(passedParams.forceCodeForRefreshToken, - initParams.forceCodeForRefreshToken); + test('passes expected values', () async { + const List scopes = ['a', 'b']; + const String userId = '12345'; + const String userEmail = 'user@example.com'; + const bool promptIfUnauthorized = false; + const String hostedDomain = 'example.com'; + + when(mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)) + .thenAnswer((_) async => + PlatformAuthorizationResult(grantedScopes: [])); + + await googleSignIn.init(const InitParameters( + serverClientId: 'id', + hostedDomain: hostedDomain, + )); + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: userId, + email: userEmail, + promptIfUnauthorized: promptIfUnauthorized, + ))); + + final VerificationResult verification = verify(mockApi + .authorize(captureAny, promptIfUnauthorized: promptIfUnauthorized)); + final PlatformAuthorizationRequest hostParams = + verification.captured[0] as PlatformAuthorizationRequest; + expect(hostParams.scopes, scopes); + expect(hostParams.accountEmail, userEmail); + expect(hostParams.hostedDomain, hostedDomain); + expect(hostParams.serverClientIdForForcedRefreshToken, null); + }); + + test('passes true promptIfUnauthorized when requested', () async { + const List scopes = ['a', 'b']; + const bool promptIfUnauthorized = true; + + when(mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)) + .thenAnswer((_) async => + PlatformAuthorizationResult(grantedScopes: [])); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: promptIfUnauthorized, + ))); + + verify( + mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)); + }); + + test('passes success data to caller', () async { + const String accessToken = 'token'; + + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => PlatformAuthorizationResult( + grantedScopes: [], accessToken: accessToken)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)); + + expect(result?.accessToken, accessToken); + }); + + test('returns null when unauthorized', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.unauthorized)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + null); + }); + + test('thows canceled if pending intent fails', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => AuthorizeFailure( + type: AuthorizeFailureType.pendingIntentException)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws unknown if authorization fails', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.authorizeFailure)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); + + test('throws unknown for API exception', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.apiException)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.unknownError) + .having((GoogleSignInException e) => e.description, 'description', + contains('SDK reported an exception')))); + }); + + test('throws UI unavailable if there is no activity available', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => AuthorizeFailure(type: AuthorizeFailureType.noActivity)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.uiUnavailable))); + }); }); - test('initWithParams passes arguments', () async { - const SignInInitParameters initParams = SignInInitParameters( - hostedDomain: 'example.com', - scopes: ['two', 'scopes'], - signInOption: SignInOption.games, - clientId: 'fakeClientId', - serverClientId: 'fakeServerClientId', - forceCodeForRefreshToken: true, - forceAccountName: 'fakeEmailAddress@example.com', + group('serverAuthorizationTokensForScopes', () { + // Request details used when the details of the request are not relevant to + // the test. + const AuthorizationRequestDetails defaultAuthRequest = + AuthorizationRequestDetails( + scopes: ['a'], + userId: null, + email: null, + promptIfUnauthorized: false, ); - await googleSignIn.initWithParams(initParams); - - final VerificationResult result = verify(api.init(captureAny)); - final InitParams passedParams = result.captured[0] as InitParams; - expect(passedParams.hostedDomain, initParams.hostedDomain); - expect(passedParams.scopes, initParams.scopes); - expect(passedParams.signInType, SignInType.games); - expect(passedParams.clientId, initParams.clientId); - expect(passedParams.serverClientId, initParams.serverClientId); - expect(passedParams.forceCodeForRefreshToken, - initParams.forceCodeForRefreshToken); - expect(passedParams.forceAccountName, initParams.forceAccountName); - }); - - test('clearAuthCache passes arguments', () async { - const String token = 'abc'; - - await googleSignIn.clearAuthCache(token: token); - - verify(api.clearAuthCache(token)); - }); - - test('requestScopens passes arguments', () async { - const List scopes = ['newScope', 'anotherScope']; - when(api.requestScopes(scopes)).thenAnswer((_) async => true); - - final bool response = await googleSignIn.requestScopes(scopes); - - expect(response, true); + test('serverAuthorizationTokensForScopes passes expected values', () async { + const List scopes = ['a', 'b']; + const String userId = '12345'; + const String userEmail = 'user@example.com'; + const bool promptIfUnauthorized = false; + const String hostedDomain = 'example.com'; + const String serverClientId = 'serverClientId'; + + when(mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)) + .thenAnswer((_) async => + PlatformAuthorizationResult(grantedScopes: [])); + + await googleSignIn.init(const InitParameters( + serverClientId: serverClientId, + hostedDomain: hostedDomain, + )); + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: userId, + email: userEmail, + promptIfUnauthorized: promptIfUnauthorized, + ))); + + final VerificationResult verification = verify(mockApi + .authorize(captureAny, promptIfUnauthorized: promptIfUnauthorized)); + final PlatformAuthorizationRequest hostParams = + verification.captured[0] as PlatformAuthorizationRequest; + expect(hostParams.scopes, scopes); + expect(hostParams.accountEmail, userEmail); + expect(hostParams.hostedDomain, hostedDomain); + expect(hostParams.serverClientIdForForcedRefreshToken, serverClientId); + }); + + test( + 'serverAuthorizationTokensForScopes passes true promptIfUnauthorized when requested', + () async { + const List scopes = ['a', 'b']; + const bool promptIfUnauthorized = true; + + when(mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)) + .thenAnswer((_) async => + PlatformAuthorizationResult(grantedScopes: [])); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: promptIfUnauthorized, + ))); + + verify( + mockApi.authorize(any, promptIfUnauthorized: promptIfUnauthorized)); + }); + + test('serverAuthorizationTokensForScopes passes success data to caller', + () async { + const List scopes = ['a', 'b']; + const String authCode = 'code'; + + when(mockApi.authorize(any, promptIfUnauthorized: false)) + .thenAnswer((_) async => PlatformAuthorizationResult( + grantedScopes: [], + accessToken: 'token', + serverAuthCode: authCode, + )); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: false, + ))); + + expect(result?.serverAuthCode, authCode); + }); + + test('returns null when unauthorized', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.unauthorized)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + null); + }); + + test('thows canceled if pending intent fails', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => AuthorizeFailure( + type: AuthorizeFailureType.pendingIntentException)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws unknown if authorization fails', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.authorizeFailure)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); + + test('throws unknown for API exception', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => + AuthorizeFailure(type: AuthorizeFailureType.apiException)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.unknownError) + .having((GoogleSignInException e) => e.description, 'description', + contains('SDK reported an exception')))); + }); + + test('throws UI unavailable if there is no activity available', () async { + when(mockApi.authorize(any, promptIfUnauthorized: false)).thenAnswer( + (_) async => AuthorizeFailure(type: AuthorizeFailureType.noActivity)); + + await googleSignIn.init(const InitParameters(serverClientId: 'id')); + expect( + googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.uiUnavailable))); + }); }); test('signOut calls through', () async { - await googleSignIn.signOut(); + await googleSignIn.signOut(const SignOutParams()); - verify(api.signOut()); + verify(mockApi.clearCredentialState()); }); - test('disconnect calls through', () async { - await googleSignIn.disconnect(); + test('disconnect also signs out', () async { + await googleSignIn.disconnect(const DisconnectParams()); - verify(api.disconnect()); + verify(mockApi.clearCredentialState()); }); - test('isSignedIn passes true response', () async { - when(api.isSignedIn()).thenAnswer((_) async => true); - - expect(await googleSignIn.isSignedIn(), true); - }); - - test('isSignedIn passes false response', () async { - when(api.isSignedIn()).thenAnswer((_) async => false); - - expect(await googleSignIn.isSignedIn(), false); + // Returning null triggers the app-facing package to create stream events, + // per GoogleSignInPlatform docs, so it's important that this returns null + // unless the platform implementation is changed to create all necessary + // notifications. + test('authenticationEvents returns null', () async { + expect(googleSignIn.authenticationEvents, null); }); } diff --git a/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.mocks.dart b/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.mocks.dart index 57c49c58a24..46f5cf978a5 100644 --- a/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.mocks.dart +++ b/packages/google_sign_in/google_sign_in_android/test/google_sign_in_android_test.mocks.dart @@ -1,13 +1,13 @@ -// Mocks generated by Mockito 5.4.4 from annotations +// Mocks generated by Mockito 5.4.6 from annotations // in google_sign_in_android/test/google_sign_in_android_test.dart. // Do not manually edit this file. // ignore_for_file: no_leading_underscores_for_library_prefixes -import 'dart:async' as _i3; +import 'dart:async' as _i4; import 'package:google_sign_in_android/src/messages.g.dart' as _i2; import 'package:mockito/mockito.dart' as _i1; -import 'package:mockito/src/dummies.dart' as _i4; +import 'package:mockito/src/dummies.dart' as _i3; // ignore_for_file: type=lint // ignore_for_file: avoid_redundant_argument_values @@ -17,140 +17,104 @@ import 'package:mockito/src/dummies.dart' as _i4; // ignore_for_file: deprecated_member_use_from_same_package // ignore_for_file: implementation_imports // ignore_for_file: invalid_use_of_visible_for_testing_member +// ignore_for_file: must_be_immutable // ignore_for_file: prefer_const_constructors // ignore_for_file: unnecessary_parenthesis // ignore_for_file: camel_case_types // ignore_for_file: subtype_of_sealed_class -class _FakeUserData_0 extends _i1.SmartFake implements _i2.UserData { - _FakeUserData_0( - Object parent, - Invocation parentInvocation, - ) : super( - parent, - parentInvocation, - ); -} - /// A class which mocks [GoogleSignInApi]. /// /// See the documentation for Mockito's code generation for more information. class MockGoogleSignInApi extends _i1.Mock implements _i2.GoogleSignInApi { - MockGoogleSignInApi() { - _i1.throwOnMissingStub(this); - } - @override - _i3.Future init(_i2.InitParams? arg_params) => (super.noSuchMethod( - Invocation.method( - #init, - [arg_params], + String get pigeonVar_messageChannelSuffix => (super.noSuchMethod( + Invocation.getter(#pigeonVar_messageChannelSuffix), + returnValue: _i3.dummyValue( + this, + Invocation.getter(#pigeonVar_messageChannelSuffix), ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); + returnValueForMissingStub: _i3.dummyValue( + this, + Invocation.getter(#pigeonVar_messageChannelSuffix), + ), + ) as String); @override - _i3.Future<_i2.UserData> signInSilently() => (super.noSuchMethod( + _i4.Future getGoogleServicesJsonServerClientId() => + (super.noSuchMethod( Invocation.method( - #signInSilently, + #getGoogleServicesJsonServerClientId, [], ), - returnValue: _i3.Future<_i2.UserData>.value(_FakeUserData_0( - this, - Invocation.method( - #signInSilently, - [], - ), - )), - ) as _i3.Future<_i2.UserData>); + returnValue: _i4.Future.value(), + returnValueForMissingStub: _i4.Future.value(), + ) as _i4.Future); @override - _i3.Future<_i2.UserData> signIn() => (super.noSuchMethod( + _i4.Future<_i2.GetCredentialResult> getCredential( + _i2.GetCredentialRequestParams? params) => + (super.noSuchMethod( Invocation.method( - #signIn, - [], + #getCredential, + [params], ), - returnValue: _i3.Future<_i2.UserData>.value(_FakeUserData_0( + returnValue: _i4.Future<_i2.GetCredentialResult>.value( + _i3.dummyValue<_i2.GetCredentialResult>( this, Invocation.method( - #signIn, - [], + #getCredential, + [params], ), )), - ) as _i3.Future<_i2.UserData>); - - @override - _i3.Future getAccessToken( - String? arg_email, - bool? arg_shouldRecoverAuth, - ) => - (super.noSuchMethod( - Invocation.method( - #getAccessToken, - [ - arg_email, - arg_shouldRecoverAuth, - ], - ), - returnValue: _i3.Future.value(_i4.dummyValue( + returnValueForMissingStub: _i4.Future<_i2.GetCredentialResult>.value( + _i3.dummyValue<_i2.GetCredentialResult>( this, Invocation.method( - #getAccessToken, - [ - arg_email, - arg_shouldRecoverAuth, - ], + #getCredential, + [params], ), )), - ) as _i3.Future); + ) as _i4.Future<_i2.GetCredentialResult>); @override - _i3.Future signOut() => (super.noSuchMethod( + _i4.Future clearCredentialState() => (super.noSuchMethod( Invocation.method( - #signOut, + #clearCredentialState, [], ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); + returnValue: _i4.Future.value(), + returnValueForMissingStub: _i4.Future.value(), + ) as _i4.Future); @override - _i3.Future disconnect() => (super.noSuchMethod( - Invocation.method( - #disconnect, - [], - ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); - - @override - _i3.Future isSignedIn() => (super.noSuchMethod( - Invocation.method( - #isSignedIn, - [], - ), - returnValue: _i3.Future.value(false), - ) as _i3.Future); - - @override - _i3.Future clearAuthCache(String? arg_token) => (super.noSuchMethod( - Invocation.method( - #clearAuthCache, - [arg_token], - ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); - - @override - _i3.Future requestScopes(List? arg_scopes) => + _i4.Future<_i2.AuthorizeResult> authorize( + _i2.PlatformAuthorizationRequest? params, { + required bool? promptIfUnauthorized, + }) => (super.noSuchMethod( Invocation.method( - #requestScopes, - [arg_scopes], + #authorize, + [params], + {#promptIfUnauthorized: promptIfUnauthorized}, ), - returnValue: _i3.Future.value(false), - ) as _i3.Future); + returnValue: _i4.Future<_i2.AuthorizeResult>.value( + _i3.dummyValue<_i2.AuthorizeResult>( + this, + Invocation.method( + #authorize, + [params], + {#promptIfUnauthorized: promptIfUnauthorized}, + ), + )), + returnValueForMissingStub: _i4.Future<_i2.AuthorizeResult>.value( + _i3.dummyValue<_i2.AuthorizeResult>( + this, + Invocation.method( + #authorize, + [params], + {#promptIfUnauthorized: promptIfUnauthorized}, + ), + )), + ) as _i4.Future<_i2.AuthorizeResult>); } diff --git a/packages/google_sign_in/google_sign_in_ios/CHANGELOG.md b/packages/google_sign_in/google_sign_in_ios/CHANGELOG.md index d32531c1792..6a0cd9dc4ff 100644 --- a/packages/google_sign_in/google_sign_in_ios/CHANGELOG.md +++ b/packages/google_sign_in/google_sign_in_ios/CHANGELOG.md @@ -1,5 +1,7 @@ -## NEXT +## 6.0.0 +* **BREAKING CHANGE**: Switches to implementing version 3.0 of the platform + interface package, rather than 2.x, significantly changing the API surface. * Updates minimum supported SDK version to Flutter 3.27/Dart 3.6. ## 5.9.0 diff --git a/packages/google_sign_in/google_sign_in_ios/README.md b/packages/google_sign_in/google_sign_in_ios/README.md index 3fe0f7a1307..9d70264a7de 100644 --- a/packages/google_sign_in/google_sign_in_ios/README.md +++ b/packages/google_sign_in/google_sign_in_ios/README.md @@ -11,24 +11,6 @@ so you do not need to add it to your `pubspec.yaml`. However, if you `import` this package to use any of its APIs directly, you should add it to your `pubspec.yaml` as usual. -### macOS setup - -The GoogleSignIn SDK requires keychain sharing to be enabled, by [adding the -following entitlements](https://flutter.dev/to/macos-entitlements): - -```xml - keychain-access-groups - - $(AppIdentifierPrefix)com.google.GIDSignIn - -``` - -Without this step, the plugin will throw a `keychain error` `PlatformException` -when trying to sign in. - -[1]: https://pub.dev/packages/google_sign_in -[2]: https://flutter.dev/to/endorsed-federated-plugin - ### iOS integration 1. [Create a Firebase project](https://firebase.google.com/docs/ios/setup#create-firebase-project) @@ -73,17 +55,48 @@ when trying to sign in. ``` As an alternative to editing the `Info.plist` in your Xcode project, -you can instead configure your app in Dart code. In this case, skip steps 4 to 5 - and pass `clientId` and `serverClientId` to the `GoogleSignIn` constructor: +you can instead configure your app in Dart code. In this case, skip steps 4 and +5 and pass `clientId` and `serverClientId` to the `GoogleSignIn` initialization: - + ```dart -final GoogleSignIn googleSignIn = GoogleSignIn( - // The OAuth client id of your app. This is required. +final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; +await signIn.init(const InitParameters( + // The OAuth client ID of your app. This is required. clientId: 'Your Client ID', - // If you need to authenticate to a backend server, specify its OAuth client. This is optional. + // If you need to authenticate to a backend server, specify the server's + // OAuth client ID. This is optional. serverClientId: 'Your Server ID', -); +)); ``` Note that step 6 is still required. + +#### App Store requirements + +Apple's App Review Guidelines impose +[extra login option requirements](https://developer.apple.com/app-store/review/guidelines/#login-services) +on apps that include Google Sign-In. Other packages, such as the Flutter Favorite +[`sign_in_with_apple`](https://pub.dev/packages/sign_in_with_apple), may +be useful in satisfying the review requirements. + +### macOS integration + +Follow the steps above for iOS integration, but using the `Info.plist` in the +`macos` directory. + +In addition, the GoogleSignIn SDK requires keychain sharing to be enabled, by +[adding the following entitlements](https://flutter.dev/to/macos-entitlements): + +```xml + keychain-access-groups + + $(AppIdentifierPrefix)com.google.GIDSignIn + +``` + +Without this step, the plugin will throw a `keychain error` `PlatformException` +when trying to sign in. + +[1]: https://pub.dev/packages/google_sign_in +[2]: https://flutter.dev/to/endorsed-federated-plugin diff --git a/packages/google_sign_in/google_sign_in_ios/darwin/Tests/GoogleSignInTests.m b/packages/google_sign_in/google_sign_in_ios/darwin/Tests/GoogleSignInTests.m index 6ec7f908862..fa33c254ca6 100644 --- a/packages/google_sign_in/google_sign_in_ios/darwin/Tests/GoogleSignInTests.m +++ b/packages/google_sign_in/google_sign_in_ios/darwin/Tests/GoogleSignInTests.m @@ -71,22 +71,7 @@ - (void)testDisconnect { [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testDisconnectIgnoresError { - NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain - code:kGIDSignInErrorCodeHasNoAuthInKeychain - userInfo:nil]; - [(GIDSignIn *)[self.mockSignIn stub] - disconnectWithCompletion:[OCMArg invokeBlockWithArgs:sdkError, nil]]; - - XCTestExpectation *expectation = [self expectationWithDescription:@"expect result returns true"]; - [self.plugin disconnectWithCompletion:^(FlutterError *error) { - XCTAssertNil(error); - [expectation fulfill]; - }]; - [self waitForExpectationsWithTimeout:5.0 handler:nil]; -} - -#pragma mark - Init +#pragma mark - Configure - (void)testInitNoClientIdNoError { // Init plugin without GoogleService-Info.plist. @@ -95,13 +80,12 @@ - (void)testInitNoClientIdNoError { googleServiceProperties:nil]; // init call does not provide a clientId. - FSIInitParams *params = [FSIInitParams makeWithScopes:@[] - hostedDomain:nil - clientId:nil - serverClientId:nil]; + FSIPlatformConfigurationParams *params = [FSIPlatformConfigurationParams makeWithClientId:nil + serverClientId:nil + hostedDomain:nil]; FlutterError *error; - [self.plugin initializeSignInWithParameters:params error:&error]; + [self.plugin configureWithParameters:params error:&error]; XCTAssertNil(error); } @@ -109,29 +93,25 @@ - (void)testInitGoogleServiceInfoPlist { self.plugin = [[FLTGoogleSignInPlugin alloc] initWithSignIn:self.mockSignIn registrar:self.mockPluginRegistrar googleServiceProperties:self.googleServiceInfo]; - FSIInitParams *params = [FSIInitParams makeWithScopes:@[] - hostedDomain:@"example.com" - clientId:nil - serverClientId:nil]; + FSIPlatformConfigurationParams *params = + [FSIPlatformConfigurationParams makeWithClientId:nil + serverClientId:nil + hostedDomain:@"example.com"]; + + OCMExpect([self.mockSignIn + setConfiguration:[OCMArg checkWithBlock:^BOOL(GIDConfiguration *config) { + XCTAssertEqualObjects(config.hostedDomain, @"example.com"); + // Set in example app GoogleService-Info.plist. + XCTAssertEqualObjects( + config.clientID, + @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); + XCTAssertEqualObjects(config.serverClientID, @"YOUR_SERVER_CLIENT_ID"); + return YES; + }]]); - FlutterError *initializationError; - [self.plugin initializeSignInWithParameters:params error:&initializationError]; - XCTAssertNil(initializationError); - - // Initialization values used in the next sign in request. - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error){ - }]; - OCMVerify([self configureMock:self.mockSignIn - forSignInWithHint:nil - additionalScopes:OCMOCK_ANY - completion:OCMOCK_ANY]); - - XCTAssertEqualObjects(self.plugin.configuration.hostedDomain, @"example.com"); - // Set in example app GoogleService-Info.plist. - XCTAssertEqualObjects( - self.plugin.configuration.clientID, - @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); - XCTAssertEqualObjects(self.plugin.configuration.serverClientID, @"YOUR_SERVER_CLIENT_ID"); + FlutterError *error; + [self.plugin configureWithParameters:params error:&error]; + XCTAssertNil(error); } - (void)testInitDynamicClientIdNullDomain { @@ -140,96 +120,75 @@ - (void)testInitDynamicClientIdNullDomain { registrar:self.mockPluginRegistrar googleServiceProperties:nil]; - FSIInitParams *params = [FSIInitParams makeWithScopes:@[] - hostedDomain:nil - clientId:@"mockClientId" - serverClientId:nil]; + OCMExpect( + [self.mockSignIn setConfiguration:[OCMArg checkWithBlock:^BOOL(GIDConfiguration *config) { + XCTAssertEqualObjects(config.hostedDomain, nil); + XCTAssertEqualObjects(config.clientID, @"mockClientId"); + XCTAssertEqualObjects(config.serverClientID, nil); + return YES; + }]]); + + FSIPlatformConfigurationParams *params = + [FSIPlatformConfigurationParams makeWithClientId:@"mockClientId" + serverClientId:nil + hostedDomain:nil]; FlutterError *initializationError; - [self.plugin initializeSignInWithParameters:params error:&initializationError]; + [self.plugin configureWithParameters:params error:&initializationError]; XCTAssertNil(initializationError); - // Initialization values used in the next sign in request. - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error){ - }]; - OCMVerify([self configureMock:self.mockSignIn - forSignInWithHint:nil - additionalScopes:OCMOCK_ANY - completion:OCMOCK_ANY]); - - XCTAssertEqualObjects(self.plugin.configuration.hostedDomain, nil); - XCTAssertEqualObjects(self.plugin.configuration.clientID, @"mockClientId"); - XCTAssertEqualObjects(self.plugin.configuration.serverClientID, nil); + OCMVerifyAll(self.mockSignIn); } - (void)testInitDynamicServerClientIdNullDomain { self.plugin = [[FLTGoogleSignInPlugin alloc] initWithSignIn:self.mockSignIn registrar:self.mockPluginRegistrar googleServiceProperties:self.googleServiceInfo]; - FSIInitParams *params = [FSIInitParams makeWithScopes:@[] - hostedDomain:nil - clientId:nil - serverClientId:@"mockServerClientId"]; + FSIPlatformConfigurationParams *params = + [FSIPlatformConfigurationParams makeWithClientId:nil + serverClientId:@"mockServerClientId" + hostedDomain:nil]; + + OCMExpect([self.mockSignIn + setConfiguration:[OCMArg checkWithBlock:^BOOL(GIDConfiguration *config) { + XCTAssertEqualObjects(config.hostedDomain, nil); + // Set in example app GoogleService-Info.plist. + XCTAssertEqualObjects( + config.clientID, + @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); + XCTAssertEqualObjects(config.serverClientID, @"mockServerClientId"); + return YES; + }]]); + FlutterError *initializationError; - [self.plugin initializeSignInWithParameters:params error:&initializationError]; + [self.plugin configureWithParameters:params error:&initializationError]; XCTAssertNil(initializationError); - - // Initialization values used in the next sign in request. - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error){ - }]; - OCMVerify([self configureMock:self.mockSignIn - forSignInWithHint:nil - additionalScopes:OCMOCK_ANY - completion:OCMOCK_ANY]); - - XCTAssertEqualObjects(self.plugin.configuration.hostedDomain, nil); - // Set in example app GoogleService-Info.plist. - XCTAssertEqualObjects( - self.plugin.configuration.clientID, - @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); - XCTAssertEqualObjects(self.plugin.configuration.serverClientID, @"mockServerClientId"); } - (void)testInitInfoPlist { - FSIInitParams *params = [FSIInitParams makeWithScopes:@[ @"scope1" ] - hostedDomain:@"example.com" - clientId:nil - serverClientId:nil]; + FSIPlatformConfigurationParams *params = + [FSIPlatformConfigurationParams makeWithClientId:nil + serverClientId:nil + hostedDomain:@"example.com"]; + + OCMExpect([self.mockSignIn + setConfiguration:[OCMArg checkWithBlock:^BOOL(GIDConfiguration *config) { + XCTAssertEqualObjects(config.hostedDomain, nil); + // Set in example app Info.plist. + XCTAssertEqualObjects( + config.clientID, + @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); + XCTAssertEqualObjects(config.serverClientID, @"YOUR_SERVER_CLIENT_ID"); + return YES; + }]]); FlutterError *error; self.plugin = [[FLTGoogleSignInPlugin alloc] initWithRegistrar:self.mockPluginRegistrar]; - [self.plugin initializeSignInWithParameters:params error:&error]; - XCTAssertNil(error); - XCTAssertNil(self.plugin.configuration); - XCTAssertNotNil(self.plugin.requestedScopes); - // Set in example app Info.plist. - XCTAssertEqualObjects( - self.plugin.signIn.configuration.clientID, - @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); - XCTAssertEqualObjects(self.plugin.signIn.configuration.serverClientID, @"YOUR_SERVER_CLIENT_ID"); -} - -#pragma mark - Is signed in - -- (void)testIsNotSignedIn { - OCMStub([self.mockSignIn hasPreviousSignIn]).andReturn(NO); - - FlutterError *error; - NSNumber *result = [self.plugin isSignedInWithError:&error]; - XCTAssertNil(error); - XCTAssertFalse(result.boolValue); -} - -- (void)testIsSignedIn { - OCMStub([self.mockSignIn hasPreviousSignIn]).andReturn(YES); - - FlutterError *error; - NSNumber *result = [self.plugin isSignedInWithError:&error]; + [self.plugin configureWithParameters:params error:&error]; XCTAssertNil(error); - XCTAssertTrue(result.boolValue); } -#pragma mark - Sign in silently +#pragma mark - restorePreviousSignIn - (void)testSignInSilently { id mockUser = OCMClassMock([GIDGoogleUser class]); @@ -240,20 +199,23 @@ - (void)testSignInSilently { invokeBlockWithArgs:mockUser, [NSNull null], nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInSilentlyWithCompletion:^(FSIUserData *user, FlutterError *error) { + [self.plugin restorePreviousSignInWithCompletion:^(FSISignInResult *result, FlutterError *error) { XCTAssertNil(error); - XCTAssertNotNil(user); + XCTAssertNil(result.error); + XCTAssertNotNil(result.success); + FSIUserData *user = result.success.user; XCTAssertNil(user.displayName); XCTAssertNil(user.email); XCTAssertEqualObjects(user.userId, @"mockID"); XCTAssertNil(user.photoUrl); - XCTAssertNil(user.serverAuthCode); + XCTAssertNil(result.success.accessToken); + XCTAssertNil(result.success.serverAuthCode); [expectation fulfill]; }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testSignInSilentlyWithError { +- (void)testRestorePreviousSignInWithError { NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain code:kGIDSignInErrorCodeHasNoAuthInKeychain userInfo:nil]; @@ -263,15 +225,16 @@ - (void)testSignInSilentlyWithError { invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInSilentlyWithCompletion:^(FSIUserData *user, FlutterError *error) { - XCTAssertNil(user); - XCTAssertEqualObjects(error.code, @"sign_in_required"); + [self.plugin restorePreviousSignInWithCompletion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, FSIGoogleSignInErrorCodeNoAuthInKeychain); [expectation fulfill]; }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -#pragma mark - Sign in +#pragma mark - signIn - (void)testSignIn { self.plugin = [[FLTGoogleSignInPlugin alloc] initWithSignIn:self.mockSignIn @@ -285,12 +248,17 @@ - (void)testSignIn { OCMStub([mockUserProfile imageURLWithDimension:1337]) .andReturn([NSURL URLWithString:@"https://example.com/profile.png"]); + NSString *accessToken = @"mockAccessToken"; + NSString *serverAuthCode = @"mockAuthCode"; OCMStub([mockUser profile]).andReturn(mockUserProfile); OCMStub([mockUser userID]).andReturn(@"mockID"); + id mockAccessToken = OCMClassMock([GIDToken class]); + OCMStub([mockAccessToken tokenString]).andReturn(accessToken); + OCMStub([mockUser accessToken]).andReturn(mockAccessToken); id mockSignInResult = OCMClassMock([GIDSignInResult class]); OCMStub([mockSignInResult user]).andReturn(mockUser); - OCMStub([mockSignInResult serverAuthCode]).andReturn(@"mockAuthCode"); + OCMStub([mockSignInResult serverAuthCode]).andReturn(serverAuthCode); [self configureMock:[self.mockSignIn expect] forSignInWithHint:nil @@ -298,53 +266,53 @@ - (void)testSignIn { completion:[OCMArg invokeBlockWithArgs:mockSignInResult, [NSNull null], nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error) { - XCTAssertNil(error); - XCTAssertEqualObjects(user.displayName, @"mockDisplay"); - XCTAssertEqualObjects(user.email, @"mock@example.com"); - XCTAssertEqualObjects(user.userId, @"mockID"); - XCTAssertEqualObjects(user.photoUrl, @"https://example.com/profile.png"); - XCTAssertEqualObjects(user.serverAuthCode, @"mockAuthCode"); - [expectation fulfill]; - }]; + [self.plugin signInWithScopeHint:@[] + nonce:nil + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + FSIUserData *user = result.success.user; + XCTAssertEqualObjects(user.displayName, @"mockDisplay"); + XCTAssertEqualObjects(user.email, @"mock@example.com"); + XCTAssertEqualObjects(user.userId, @"mockID"); + XCTAssertEqualObjects(user.photoUrl, @"https://example.com/profile.png"); + XCTAssertEqualObjects(result.success.accessToken, accessToken); + XCTAssertEqualObjects(result.success.serverAuthCode, serverAuthCode); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; - // Set in example app GoogleService-Info.plist. - XCTAssertEqualObjects( - self.plugin.configuration.clientID, - @"479882132969-9i9aqik3jfjd7qhci1nqf0bm2g71rm1u.apps.googleusercontent.com"); - OCMVerifyAll(self.mockSignIn); } -- (void)testSignInWithInitializedScopes { +- (void)testSignInWithScopeHint { FlutterError *initializationError; - [self.plugin - initializeSignInWithParameters:[FSIInitParams makeWithScopes:@[ @"initial1", @"initial2" ] - hostedDomain:nil - clientId:nil - serverClientId:nil] - error:&initializationError]; + [self.plugin configureWithParameters:[FSIPlatformConfigurationParams makeWithClientId:nil + serverClientId:nil + hostedDomain:nil] + error:&initializationError]; id mockUser = OCMClassMock([GIDGoogleUser class]); OCMStub([mockUser userID]).andReturn(@"mockID"); id mockSignInResult = OCMClassMock([GIDSignInResult class]); OCMStub([mockSignInResult user]).andReturn(mockUser); + NSArray *requestedScopes = @[ @"scope1", @"scope2" ]; [self configureMock:[self.mockSignIn expect] forSignInWithHint:nil additionalScopes:[OCMArg checkWithBlock:^BOOL(NSArray *scopes) { - return [[NSSet setWithArray:scopes] - isEqualToSet:[NSSet setWithObjects:@"initial1", @"initial2", nil]]; + return [[NSSet setWithArray:scopes] isEqualToSet:[NSSet setWithArray:requestedScopes]]; }] completion:[OCMArg invokeBlockWithArgs:mockSignInResult, [NSNull null], nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error) { - XCTAssertNil(error); - XCTAssertEqualObjects(user.userId, @"mockID"); - [expectation fulfill]; - }]; + [self.plugin signInWithScopeHint:requestedScopes + nonce:nil + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.error); + XCTAssertEqualObjects(result.success.user.userId, @"mockID"); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; OCMVerifyAll(self.mockSignIn); @@ -369,11 +337,14 @@ - (void)testSignInAlreadyGranted { completion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error) { - XCTAssertNil(error); - XCTAssertEqualObjects(user.userId, @"mockID"); - [expectation fulfill]; - }]; + [self.plugin signInWithScopeHint:@[] + nonce:nil + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.error); + XCTAssertEqualObjects(result.success.user.userId, @"mockID"); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } @@ -387,11 +358,16 @@ - (void)testSignInError { completion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *error) { - XCTAssertNil(user); - XCTAssertEqualObjects(error.code, @"sign_in_canceled"); - [expectation fulfill]; - }]; + [self.plugin signInWithScopeHint:@[] + nonce:nil + completion:^(FSISignInResult *result, FlutterError *error) { + // Known errors from the SDK are returned as structured data, not + // FlutterError. + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, FSIGoogleSignInErrorCodeCanceled); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } @@ -403,22 +379,27 @@ - (void)testSignInException { .andThrow([NSException exceptionWithName:@"MockName" reason:@"MockReason" userInfo:nil]); __block FlutterError *error; - XCTAssertThrows( - [self.plugin signInWithCompletion:^(FSIUserData *user, FlutterError *signInError) { - XCTAssertNil(user); - error = signInError; - }]); + XCTAssertThrows([self.plugin + signInWithScopeHint:@[] + nonce:nil + completion:^(FSISignInResult *result, FlutterError *signInError) { + // Unexpected errors, such as runtime exceptions, are returned as FlutterError. + XCTAssertNil(result); + error = signInError; + }]); XCTAssertEqualObjects(error.code, @"google_sign_in"); XCTAssertEqualObjects(error.message, @"MockReason"); XCTAssertEqualObjects(error.details, @"MockName"); } -#pragma mark - Get tokens +#pragma mark - refreshedAuthorizationTokens -- (void)testGetTokens { - id mockUser = OCMClassMock([GIDGoogleUser class]); +- (void)testRefreshTokens { + id mockUser = [self signedInMockUser]; + NSString *userIdentifier = ((GIDGoogleUser *)mockUser).userID; id mockUserResponse = OCMClassMock([GIDGoogleUser class]); + OCMStub([mockUserResponse userID]).andReturn(userIdentifier); id mockIdToken = OCMClassMock([GIDToken class]); OCMStub([mockIdToken tokenString]).andReturn(@"mockIdToken"); @@ -431,21 +412,39 @@ - (void)testGetTokens { [[mockUser stub] refreshTokensIfNeededWithCompletion:[OCMArg invokeBlockWithArgs:mockUserResponse, [NSNull null], nil]]; - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin getAccessTokenWithCompletion:^(FSITokenData *token, FlutterError *error) { - XCTAssertNil(error); - XCTAssertEqualObjects(token.idToken, @"mockIdToken"); - XCTAssertEqualObjects(token.accessToken, @"mockAccessToken"); - [expectation fulfill]; - }]; + [self.plugin + refreshedAuthorizationTokensForUser:userIdentifier + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.error); + XCTAssertEqualObjects(result.success.user.idToken, @"mockIdToken"); + XCTAssertEqualObjects(result.success.accessToken, + @"mockAccessToken"); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testGetTokensNoAuthKeychainError { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); +- (void)testRefreshTokensUnkownUser { + XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; + [self.plugin + refreshedAuthorizationTokensForUser:@"unknownUser" + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, + FSIGoogleSignInErrorCodeUserMismatch); + XCTAssertEqualObjects(result.error.message, + @"The user is no longer signed in."); + [expectation fulfill]; + }]; + [self waitForExpectationsWithTimeout:5.0 handler:nil]; +} + +- (void)testRefreshTokensNoAuthKeychainError { + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain code:kGIDSignInErrorCodeHasNoAuthInKeychain @@ -454,18 +453,19 @@ - (void)testGetTokensNoAuthKeychainError { sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin getAccessTokenWithCompletion:^(FSITokenData *token, FlutterError *error) { - XCTAssertNil(token); - XCTAssertEqualObjects(error.code, @"sign_in_required"); - XCTAssertEqualObjects(error.message, kGIDSignInErrorDomain); - [expectation fulfill]; - }]; + [self.plugin refreshedAuthorizationTokensForUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, + FSIGoogleSignInErrorCodeNoAuthInKeychain); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testGetTokensCancelledError { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); +- (void)testRefreshTokensCancelledError { + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain code:kGIDSignInErrorCodeCanceled @@ -474,18 +474,19 @@ - (void)testGetTokensCancelledError { sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin getAccessTokenWithCompletion:^(FSITokenData *token, FlutterError *error) { - XCTAssertNil(token); - XCTAssertEqualObjects(error.code, @"sign_in_canceled"); - XCTAssertEqualObjects(error.message, kGIDSignInErrorDomain); - [expectation fulfill]; - }]; + [self.plugin refreshedAuthorizationTokensForUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, + FSIGoogleSignInErrorCodeCanceled); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testGetTokensURLError { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); +- (void)testRefreshTokensURLError { + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:NSURLErrorDomain code:NSURLErrorTimedOut @@ -494,49 +495,53 @@ - (void)testGetTokensURLError { sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin getAccessTokenWithCompletion:^(FSITokenData *token, FlutterError *error) { - XCTAssertNil(token); - XCTAssertEqualObjects(error.code, @"network_error"); - XCTAssertEqualObjects(error.message, NSURLErrorDomain); - [expectation fulfill]; - }]; + [self.plugin refreshedAuthorizationTokensForUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(result.error); + XCTAssertNil(result.success); + NSString *expectedCode = [NSString + stringWithFormat:@"%@: %ld", NSURLErrorDomain, + NSURLErrorTimedOut]; + XCTAssertEqualObjects(error.code, expectedCode); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -- (void)testGetTokensUnknownError { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); +- (void)testRefreshTokensUnknownError { + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:@"BogusDomain" code:42 userInfo:nil]; [[mockUser stub] refreshTokensIfNeededWithCompletion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin getAccessTokenWithCompletion:^(FSITokenData *token, FlutterError *error) { - XCTAssertNil(token); - XCTAssertEqualObjects(error.code, @"sign_in_failed"); - XCTAssertEqualObjects(error.message, @"BogusDomain"); - [expectation fulfill]; - }]; + [self.plugin refreshedAuthorizationTokensForUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(result.success); + XCTAssertEqualObjects(error.code, @"BogusDomain: 42"); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } -#pragma mark - Request scopes +#pragma mark - addScopes - (void)testRequestScopesResultErrorIfNotSignedIn { XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:@[ @"mockScope1" ] - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(success); - XCTAssertEqualObjects(error.code, @"sign_in_required"); - [expectation fulfill]; - }]; + [self.plugin addScopes:@[ @"mockScope1" ] + forUser:@"unknownUser" + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, FSIGoogleSignInErrorCodeUserMismatch); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } - (void)testRequestScopesIfNoMissingScope { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain code:kGIDSignInErrorCodeScopesAlreadyGranted @@ -546,18 +551,19 @@ - (void)testRequestScopesIfNoMissingScope { completion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:@[ @"mockScope1" ] - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(error); - XCTAssertTrue(success.boolValue); - [expectation fulfill]; - }]; + [self.plugin addScopes:@[ @"mockScope1" ] + forUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, FSIGoogleSignInErrorCodeScopesAlreadyGranted); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } - (void)testRequestScopesResultErrorIfMismatchingUser { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:kGIDSignInErrorDomain code:kGIDSignInErrorCodeMismatchWithCurrentUser @@ -567,18 +573,19 @@ - (void)testRequestScopesResultErrorIfMismatchingUser { completion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:@[ @"mockScope1" ] - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(success); - XCTAssertEqualObjects(error.code, @"mismatch_user"); - [expectation fulfill]; - }]; + [self.plugin addScopes:@[ @"mockScope1" ] + forUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(error); + XCTAssertNil(result.success); + XCTAssertEqual(result.error.type, FSIGoogleSignInErrorCodeUserMismatch); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } - (void)testRequestScopesWithUnknownError { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); + id mockUser = [self signedInMockUser]; NSError *sdkError = [NSError errorWithDomain:@"BogusDomain" code:42 userInfo:nil]; [self configureMock:[mockUser stub] @@ -586,110 +593,42 @@ - (void)testRequestScopesWithUnknownError { completion:[OCMArg invokeBlockWithArgs:[NSNull null], sdkError, nil]]; XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:@[ @"mockScope1" ] - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(error); - XCTAssertFalse(success.boolValue); - [expectation fulfill]; - }]; + [self.plugin addScopes:@[ @"mockScope1" ] + forUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(result); + XCTAssertEqualObjects(error.code, @"BogusDomain: 42"); + [expectation fulfill]; + }]; [self waitForExpectationsWithTimeout:5.0 handler:nil]; } - (void)testRequestScopesException { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); + id mockUser = [self signedInMockUser]; OCMExpect([self configureMock:mockUser forAddScopes:@[] completion:OCMOCK_ANY]) .andThrow([NSException exceptionWithName:@"MockName" reason:@"MockReason" userInfo:nil]); - [self.plugin requestScopes:@[] - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(success); - XCTAssertEqualObjects(error.code, @"request_scopes"); - XCTAssertEqualObjects(error.message, @"MockReason"); - XCTAssertEqualObjects(error.details, @"MockName"); - }]; -} - -- (void)testRequestScopesReturnsFalseIfOnlySubsetGranted { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); - NSArray *requestedScopes = @[ @"mockScope1", @"mockScope2" ]; - - // Only grant one of the two requested scopes. - id mockSignInResult = OCMClassMock([GIDSignInResult class]); - OCMStub([mockUser grantedScopes]).andReturn(@[ @"mockScope1" ]); - OCMStub([mockSignInResult user]).andReturn(mockUser); - - [self configureMock:[mockUser stub] - forAddScopes:requestedScopes - completion:[OCMArg invokeBlockWithArgs:mockSignInResult, [NSNull null], nil]]; - - XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:requestedScopes - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(error); - XCTAssertFalse(success.boolValue); - [expectation fulfill]; - }]; - [self waitForExpectationsWithTimeout:5.0 handler:nil]; + [self.plugin addScopes:@[] + forUser:((GIDGoogleUser *)mockUser).userID + completion:^(FSISignInResult *result, FlutterError *error) { + XCTAssertNil(result); + XCTAssertEqualObjects(error.code, @"request_scopes"); + XCTAssertEqualObjects(error.message, @"MockReason"); + XCTAssertEqualObjects(error.details, @"MockName"); + }]; } -- (void)testRequestsInitializedScopes { - id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); - - FSIInitParams *params = [FSIInitParams makeWithScopes:@[ @"initial1", @"initial2" ] - hostedDomain:nil - clientId:nil - serverClientId:nil]; - FlutterError *initializationError; - [self.plugin initializeSignInWithParameters:params error:&initializationError]; - XCTAssertNil(initializationError); - - // Include one of the initially requested scopes. - NSArray *addedScopes = @[ @"initial1", @"addScope1", @"addScope2" ]; - - [self.plugin requestScopes:addedScopes - completion:^(NSNumber *success, FlutterError *error){ - }]; - - // All four scopes are requested. - [self configureMock:[mockUser verify] - forAddScopes:[OCMArg checkWithBlock:^BOOL(NSArray *scopes) { - return [[NSSet setWithArray:scopes] - isEqualToSet:[NSSet setWithObjects:@"initial1", @"initial2", @"addScope1", - @"addScope2", nil]]; - }] - completion:OCMOCK_ANY]; -} +#pragma mark - Utils -- (void)testRequestScopesReturnsTrueIfGranted { +- (id)signedInMockUser { + NSString *identifier = @"mockID"; id mockUser = OCMClassMock([GIDGoogleUser class]); - OCMStub([self.mockSignIn currentUser]).andReturn(mockUser); - NSArray *requestedScopes = @[ @"mockScope1", @"mockScope2" ]; - - // Grant both of the requested scopes. - id mockSignInResult = OCMClassMock([GIDSignInResult class]); - OCMStub([mockUser grantedScopes]).andReturn(requestedScopes); - OCMStub([mockSignInResult user]).andReturn(mockUser); - - [self configureMock:[mockUser stub] - forAddScopes:requestedScopes - completion:[OCMArg invokeBlockWithArgs:mockSignInResult, [NSNull null], nil]]; - - XCTestExpectation *expectation = [self expectationWithDescription:@"completion called"]; - [self.plugin requestScopes:requestedScopes - completion:^(NSNumber *success, FlutterError *error) { - XCTAssertNil(error); - XCTAssertTrue(success.boolValue); - [expectation fulfill]; - }]; - [self waitForExpectationsWithTimeout:5.0 handler:nil]; + OCMStub([mockUser userID]).andReturn(identifier); + self.plugin.usersByIdentifier[identifier] = mockUser; + return mockUser; } -#pragma mark - Utils - - (void)configureMock:(id)mock forAddScopes:(NSArray *)scopes completion:(nullable void (^)(GIDSignInResult *_Nullable signInResult, diff --git a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/FLTGoogleSignInPlugin.m b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/FLTGoogleSignInPlugin.m index 79b80778880..5412429662c 100644 --- a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/FLTGoogleSignInPlugin.m +++ b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/FLTGoogleSignInPlugin.m @@ -14,7 +14,7 @@ static NSString *const kServerClientIdKey = @"SERVER_CLIENT_ID"; -static NSDictionary *loadGoogleServiceInfo(void) { +static NSDictionary *FSILoadGoogleServiceInfo(void) { NSString *plistPath = [[NSBundle mainBundle] pathForResource:@"GoogleService-Info" ofType:@"plist"]; if (plistPath) { @@ -23,35 +23,83 @@ return nil; } -// These error codes must match with ones declared on Android and Dart sides. -static NSString *const kErrorReasonSignInRequired = @"sign_in_required"; -static NSString *const kErrorReasonSignInCanceled = @"sign_in_canceled"; -static NSString *const kErrorReasonNetworkError = @"network_error"; -static NSString *const kErrorReasonSignInFailed = @"sign_in_failed"; - -static FlutterError *getFlutterError(NSError *error) { - NSString *errorCode; - if (error.code == kGIDSignInErrorCodeHasNoAuthInKeychain) { - errorCode = kErrorReasonSignInRequired; - } else if (error.code == kGIDSignInErrorCodeCanceled) { - errorCode = kErrorReasonSignInCanceled; - } else if ([error.domain isEqualToString:NSURLErrorDomain]) { - errorCode = kErrorReasonNetworkError; +/// Deep-converts values to something that can be safely encoded with the standard message codec, +/// for use in making NSError userInfo values safe to send as FlutterError details. +/// +/// Unexpected types are converted to a +static id FSISanitizedUserInfo(id value) { + if ([value isKindOfClass:[NSError class]]) { + NSError *error = value; + return @{ + @"domain" : error.domain, + @"code" : [NSString stringWithFormat:@"%ld", (long)error.code], + @"localizedDescription" : error.localizedDescription, + @"userInfo" : FSISanitizedUserInfo(error.userInfo), + }; + } else if ([value isKindOfClass:[NSString class]]) { + return value; + } else if ([value isKindOfClass:[NSURL class]]) { + return [value absoluteString]; + } else if ([value isKindOfClass:[NSNumber class]]) { + return value; + } else if ([value isKindOfClass:[NSArray class]]) { + NSArray *array = value; + NSMutableArray *safeValues = [[NSMutableArray alloc] initWithCapacity:array.count]; + for (id item in array) { + [safeValues addObject:FSISanitizedUserInfo(item)]; + } + return safeValues; + } else if ([value isKindOfClass:[NSDictionary class]]) { + NSDictionary *dict = value; + NSMutableDictionary *safeValues = [[NSMutableDictionary alloc] initWithCapacity:dict.count]; + for (id key in dict) { + safeValues[key] = FSISanitizedUserInfo(dict[key]); + } + return safeValues; } else { - errorCode = kErrorReasonSignInFailed; + return [NSString stringWithFormat:@"[Unsupported type: %@]", NSStringFromClass([value class])]; + } +} + +/// Maps an NSError to a corresponding FlutterError. +/// +/// This should only be used when an error can't be recognized and mapped to a +/// GoogleSignInErrorCode. +static FlutterError *FSIFlutterErrorForNSError(NSError *error) { + return [FlutterError + errorWithCode:[NSString stringWithFormat:@"%@: %ld", error.domain, (long)error.code] + message:error.localizedDescription + details:FSISanitizedUserInfo(error.userInfo)]; +} + +/// Maps a GIDSignInErrorCode to the corresponding Pigeon GoogleSignInErrorCode +static FSIGoogleSignInErrorCode FSIPigeonErrorCodeForGIDSignInErrorCode(NSInteger code) { + switch (code) { + case kGIDSignInErrorCodeKeychain: + return FSIGoogleSignInErrorCodeKeychainError; + case kGIDSignInErrorCodeCanceled: + return FSIGoogleSignInErrorCodeCanceled; + case kGIDSignInErrorCodeHasNoAuthInKeychain: + return FSIGoogleSignInErrorCodeNoAuthInKeychain; + case kGIDSignInErrorCodeEMM: + return FSIGoogleSignInErrorCodeEemError; + case kGIDSignInErrorCodeScopesAlreadyGranted: + return FSIGoogleSignInErrorCodeScopesAlreadyGranted; + case kGIDSignInErrorCodeMismatchWithCurrentUser: + return FSIGoogleSignInErrorCodeUserMismatch; + case kGIDSignInErrorCodeUnknown: + default: + return FSIGoogleSignInErrorCodeUnknown; } - return [FlutterError errorWithCode:errorCode - message:error.domain - details:error.localizedDescription]; } @interface FLTGoogleSignInPlugin () // The contents of GoogleService-Info.plist, if it exists. -@property(strong, nullable) NSDictionary *googleServiceProperties; +@property(nonatomic, nullable) NSDictionary *googleServiceProperties; // The plugin registrar, for querying views. -@property(strong, nonnull) id registrar; +@property(nonatomic, nonnull) id registrar; @end @@ -60,7 +108,7 @@ @implementation FLTGoogleSignInPlugin + (void)registerWithRegistrar:(NSObject *)registrar { FLTGoogleSignInPlugin *instance = [[FLTGoogleSignInPlugin alloc] initWithRegistrar:registrar]; [registrar addApplicationDelegate:instance]; - FSIGoogleSignInApiSetup(registrar.messenger, instance); + SetUpFSIGoogleSignInApi(registrar.messenger, instance); } - (instancetype)initWithRegistrar:(NSObject *)registrar { @@ -71,7 +119,7 @@ - (instancetype)initWithSignIn:(GIDSignIn *)signIn registrar:(NSObject *)registrar { return [self initWithSignIn:signIn registrar:registrar - googleServiceProperties:loadGoogleServiceInfo()]; + googleServiceProperties:FSILoadGoogleServiceInfo()]; } - (instancetype)initWithSignIn:(GIDSignIn *)signIn @@ -82,11 +130,11 @@ - (instancetype)initWithSignIn:(GIDSignIn *)signIn _signIn = signIn; _registrar = registrar; _googleServiceProperties = googleServiceProperties; + _usersByIdentifier = [[NSMutableDictionary alloc] init]; // On the iOS simulator, we get "Broken pipe" errors after sign-in for some // unknown reason. We can avoid crashing the app by ignoring them. signal(SIGPIPE, SIG_IGN); - _requestedScopes = [[NSSet alloc] init]; } return self; } @@ -101,7 +149,7 @@ - (BOOL)application:(UIApplication *)app openURL:(NSURL *)url options:(NSDiction - (BOOL)handleOpenURLs:(NSArray *)urls { BOOL handled = NO; for (NSURL *url in urls) { - handled = handled || [self.signIn handleURL:url]; + handled = [self.signIn handleURL:url] || handled; } return handled; } @@ -109,62 +157,42 @@ - (BOOL)handleOpenURLs:(NSArray *)urls { #pragma mark - FSIGoogleSignInApi -- (void)initializeSignInWithParameters:(nonnull FSIInitParams *)params - error:(FlutterError *_Nullable __autoreleasing *_Nonnull)error { +- (void)configureWithParameters:(FSIPlatformConfigurationParams *)params + error:(FlutterError *_Nullable *_Nonnull)error { + // If configuration information was passed from Dart, or present in GoogleService-Info.plist, + // use that. Otherwise, keep the default configuration, which GIDSignIn will automatically + // populate from Info.plist values (the recommended configuration method). GIDConfiguration *configuration = [self configurationWithClientIdentifier:params.clientId serverClientIdentifier:params.serverClientId hostedDomain:params.hostedDomain]; - self.requestedScopes = [NSSet setWithArray:params.scopes]; - if (configuration != nil) { - self.configuration = configuration; + if (configuration) { + self.signIn.configuration = configuration; } } -- (void)signInSilentlyWithCompletion:(nonnull void (^)(FSIUserData *_Nullable, - FlutterError *_Nullable))completion { +- (void)restorePreviousSignInWithCompletion:(nonnull void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion { + __weak typeof(self) weakSelf = self; [self.signIn restorePreviousSignInWithCompletion:^(GIDGoogleUser *_Nullable user, NSError *_Nullable error) { - if (user != nil) { - [self didSignInForUser:user withServerAuthCode:nil completion:completion]; - } else { - // Forward all errors and let Dart side decide how to handle. - completion(nil, getFlutterError(error)); - } + [weakSelf handleAuthResultWithUser:user serverAuthCode:nil error:error completion:completion]; }]; } -- (nullable NSNumber *)isSignedInWithError: - (FlutterError *_Nullable __autoreleasing *_Nonnull)error { - return @([self.signIn hasPreviousSignIn]); -} - -- (void)signInWithCompletion:(nonnull void (^)(FSIUserData *_Nullable, - FlutterError *_Nullable))completion { +- (void)signInWithScopeHint:(NSArray *)scopeHint + nonce:(nullable NSString *)nonce + completion:(nonnull void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion { @try { - // If the configuration settings are passed from the Dart API, use those. - // Otherwise, use settings from the GoogleService-Info.plist if available. - // If neither are available, do not set the configuration - GIDSignIn will automatically use - // settings from the Info.plist (which is the recommended method). - if (!self.configuration && self.googleServiceProperties) { - self.configuration = [self configurationWithClientIdentifier:nil - serverClientIdentifier:nil - hostedDomain:nil]; - } - if (self.configuration) { - self.signIn.configuration = self.configuration; - } - + __weak typeof(self) weakSelf = self; [self signInWithHint:nil - additionalScopes:self.requestedScopes.allObjects + additionalScopes:scopeHint + nonce:nonce completion:^(GIDSignInResult *_Nullable signInResult, NSError *_Nullable error) { - if (signInResult) { - [self didSignInForUser:signInResult.user - withServerAuthCode:signInResult.serverAuthCode - completion:completion]; - } else { - // Forward all errors and let Dart side decide how to handle. - completion(nil, getFlutterError(error)); - } + [weakSelf handleAuthResultWithUser:signInResult.user + serverAuthCode:signInResult.serverAuthCode + error:error + completion:completion]; }]; } @catch (NSException *e) { completion(nil, [FlutterError errorWithCode:@"google_sign_in" message:e.reason details:e.name]); @@ -172,79 +200,86 @@ - (void)signInWithCompletion:(nonnull void (^)(FSIUserData *_Nullable, } } -- (void)getAccessTokenWithCompletion:(nonnull void (^)(FSITokenData *_Nullable, - FlutterError *_Nullable))completion { - GIDGoogleUser *currentUser = self.signIn.currentUser; - [currentUser refreshTokensIfNeededWithCompletion:^(GIDGoogleUser *_Nullable user, - NSError *_Nullable error) { - if (error) { - completion(nil, getFlutterError(error)); - } else { - completion([FSITokenData makeWithIdToken:user.idToken.tokenString - accessToken:user.accessToken.tokenString], - nil); - } +- (void)refreshedAuthorizationTokensForUser:(NSString *)userId + completion:(nonnull void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion { + GIDGoogleUser *user = self.usersByIdentifier[userId]; + if (user == nil) { + completion( + [FSISignInResult + makeWithSuccess:nil + error:[FSISignInFailure makeWithType:FSIGoogleSignInErrorCodeUserMismatch + message:@"The user is no longer signed in." + details:nil]], + nil); + return; + } + + __weak typeof(self) weakSelf = self; + [user refreshTokensIfNeededWithCompletion:^(GIDGoogleUser *_Nullable refreshedUser, + NSError *_Nullable error) { + [weakSelf handleAuthResultWithUser:refreshedUser + serverAuthCode:nil + error:error + completion:completion]; }]; } +- (void)addScopes:(nonnull NSArray *)scopes + forUser:(nonnull NSString *)userId + completion: + (nonnull void (^)(FSISignInResult *_Nullable, FlutterError *_Nullable))completion { + GIDGoogleUser *user = self.usersByIdentifier[userId]; + if (user == nil) { + completion( + [FSISignInResult + makeWithSuccess:nil + error:[FSISignInFailure makeWithType:FSIGoogleSignInErrorCodeUserMismatch + message:@"The user is no longer signed in." + details:nil]], + nil); + return; + } + + @try { + __weak typeof(self) weakSelf = self; + [self addScopes:scopes + forGoogleSignInUser:user + completion:^(GIDSignInResult *_Nullable signInResult, NSError *_Nullable error) { + [weakSelf handleAuthResultWithUser:signInResult.user + serverAuthCode:signInResult.serverAuthCode + error:error + completion:completion]; + }]; + } @catch (NSException *e) { + completion(nil, [FlutterError errorWithCode:@"request_scopes" message:e.reason details:e.name]); + } +} + - (void)signOutWithError:(FlutterError *_Nullable *_Nonnull)error { [self.signIn signOut]; + // usersByIdentifier is left populated, because the SDK may still support some operations on the + // GIDGoogleUser object (e.g., returning existing, non-expired tokens). Operations that the SDK + // doesn't support will return SDK errors that we can handle as normal. } - (void)disconnectWithCompletion:(nonnull void (^)(FlutterError *_Nullable))completion { [self.signIn disconnectWithCompletion:^(NSError *_Nullable error) { - // TODO(stuartmorgan): This preserves the pre-Pigeon-migration behavior, but it's unclear why - // 'error' is being ignored here. - completion(nil); + completion(error ? FSIFlutterErrorForNSError(error) : nil); }]; } -- (void)requestScopes:(nonnull NSArray *)scopes - completion:(nonnull void (^)(NSNumber *_Nullable, FlutterError *_Nullable))completion { - self.requestedScopes = [self.requestedScopes setByAddingObjectsFromArray:scopes]; - NSSet *requestedScopes = self.requestedScopes; - - @try { - GIDGoogleUser *currentUser = self.signIn.currentUser; - if (currentUser == nil) { - completion(nil, [FlutterError errorWithCode:@"sign_in_required" - message:@"No account to grant scopes." - details:nil]); - } - [self addScopes:requestedScopes.allObjects - completion:^(GIDSignInResult *_Nullable signInResult, NSError *_Nullable addedScopeError) { - BOOL granted = NO; - FlutterError *error = nil; - - if ([addedScopeError.domain isEqualToString:kGIDSignInErrorDomain] && - addedScopeError.code == kGIDSignInErrorCodeMismatchWithCurrentUser) { - error = [FlutterError errorWithCode:@"mismatch_user" - message:@"There is an operation on a previous " - @"user. Try signing in again." - details:nil]; - } else if ([addedScopeError.domain isEqualToString:kGIDSignInErrorDomain] && - addedScopeError.code == kGIDSignInErrorCodeScopesAlreadyGranted) { - // Scopes already granted, report success. - granted = YES; - } else if (signInResult.user) { - NSSet *grantedScopes = - [NSSet setWithArray:signInResult.user.grantedScopes]; - granted = [requestedScopes isSubsetOfSet:grantedScopes]; - } - completion(error == nil ? @(granted) : nil, error); - }]; - } @catch (NSException *e) { - completion(nil, [FlutterError errorWithCode:@"request_scopes" message:e.reason details:e.name]); - } -} - #pragma mark - private methods // Wraps the iOS and macOS sign in display methods. - (void)signInWithHint:(nullable NSString *)hint additionalScopes:(nullable NSArray *)additionalScopes - completion:(nullable void (^)(GIDSignInResult *_Nullable signInResult, - NSError *_Nullable error))completion { + nonce:(nullable NSString *)nonce + completion:(void (^)(GIDSignInResult *_Nullable signInResult, + NSError *_Nullable error))completion { + // TODO(stuartmorgan): Add the nonce parameter to the calls below once it's available; it was + // added after 8.0, and based on https://github.com/google/GoogleSignIn-iOS/releases appears to + // be slated for an 8.1 release. See https://github.com/flutter/flutter/issues/85439. #if TARGET_OS_OSX [self.signIn signInWithPresentingWindow:self.registrar.view.window hint:hint @@ -259,24 +294,23 @@ - (void)signInWithHint:(nullable NSString *)hint } // Wraps the iOS and macOS scope addition methods. -- (void)addScopes:(NSArray *)scopes - completion:(nullable void (^)(GIDSignInResult *_Nullable signInResult, - NSError *_Nullable error))completion { - GIDGoogleUser *currentUser = self.signIn.currentUser; +- (void)addScopes:(nonnull NSArray *)scopes + forGoogleSignInUser:(nonnull GIDGoogleUser *)user + completion:(void (^)(GIDSignInResult *_Nullable signInResult, + NSError *_Nullable error))completion { #if TARGET_OS_OSX - [currentUser addScopes:scopes presentingWindow:self.registrar.view.window completion:completion]; + [user addScopes:scopes presentingWindow:self.registrar.view.window completion:completion]; #else - [currentUser addScopes:scopes - presentingViewController:[self topViewController] - completion:completion]; + [user addScopes:scopes presentingViewController:[self topViewController] completion:completion]; #endif } /// @return @c nil if GoogleService-Info.plist not found and runtimeClientIdentifier is not /// provided. -- (GIDConfiguration *)configurationWithClientIdentifier:(NSString *)runtimeClientIdentifier - serverClientIdentifier:(NSString *)runtimeServerClientIdentifier - hostedDomain:(NSString *)hostedDomain { +- (GIDConfiguration *)configurationWithClientIdentifier:(nullable NSString *)runtimeClientIdentifier + serverClientIdentifier: + (nullable NSString *)runtimeServerClientIdentifier + hostedDomain:(nullable NSString *)hostedDomain { NSString *clientID = runtimeClientIdentifier ?: self.googleServiceProperties[kClientIdKey]; if (!clientID) { // Creating a GIDConfiguration requires a client identifier. @@ -291,23 +325,54 @@ - (GIDConfiguration *)configurationWithClientIdentifier:(NSString *)runtimeClien openIDRealm:nil]; } -- (void)didSignInForUser:(GIDGoogleUser *)user - withServerAuthCode:(NSString *_Nullable)serverAuthCode - completion: - (nonnull void (^)(FSIUserData *_Nullable, FlutterError *_Nullable))completion { - NSURL *photoUrl; +- (void)handleAuthResultWithUser:(nullable GIDGoogleUser *)user + serverAuthCode:(nullable NSString *)serverAuthCode + error:(nullable NSError *)error + completion:(void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion { + if (user) { + [self didSignInForUser:user withServerAuthCode:serverAuthCode completion:completion]; + } else { + // Convert expected errors into structured failure return, and everything else + // into a generic error. + if (error.domain == kGIDSignInErrorDomain) { + completion( + [FSISignInResult + makeWithSuccess:nil + error:[FSISignInFailure + makeWithType:FSIPigeonErrorCodeForGIDSignInErrorCode(error.code) + message:error.localizedDescription + details:FSISanitizedUserInfo(error.userInfo)]], + nil); + } else { + completion(nil, FSIFlutterErrorForNSError(error)); + } + } +} + +- (void)didSignInForUser:(nonnull GIDGoogleUser *)user + withServerAuthCode:(nullable NSString *)serverAuthCode + completion:(void (^)(FSISignInResult *_Nullable, FlutterError *_Nullable))completion { + self.usersByIdentifier[user.userID] = user; + + NSURL *photoURL; if (user.profile.hasImage) { // Placeholder that will be replaced by on the Dart side based on screen size. - photoUrl = [user.profile imageURLWithDimension:1337]; + photoURL = [user.profile imageURLWithDimension:1337]; } - completion([FSIUserData makeWithDisplayName:user.profile.name - email:user.profile.email - userId:user.userID - photoUrl:photoUrl.absoluteString - serverAuthCode:serverAuthCode - idToken:user.idToken.tokenString], - nil); + FSIUserData *userData = [FSIUserData makeWithDisplayName:user.profile.name + email:user.profile.email + userId:user.userID + photoUrl:photoURL.absoluteString + idToken:user.idToken.tokenString]; + FSISignInResult *result = + [FSISignInResult makeWithSuccess:[FSISignInSuccess makeWithUser:userData + accessToken:user.accessToken.tokenString + grantedScopes:user.grantedScopes + serverAuthCode:serverAuthCode] + error:nil]; + completion(result, nil); } #if TARGET_OS_IOS diff --git a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/FLTGoogleSignInPlugin_Test.h b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/FLTGoogleSignInPlugin_Test.h index b145d028ad9..430863556d5 100644 --- a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/FLTGoogleSignInPlugin_Test.h +++ b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/FLTGoogleSignInPlugin_Test.h @@ -15,20 +15,13 @@ NS_ASSUME_NONNULL_BEGIN /// Methods exposed for unit testing. @interface FLTGoogleSignInPlugin () -// Configuration wrapping Google Cloud Console, Google Apps, OpenID, -// and other initialization metadata. -@property(strong) GIDConfiguration *configuration; - -// Permissions requested during at sign in "init" method call -// unioned with scopes requested later with incremental authorization -// "requestScopes" method call. -// The "email" and "profile" base scopes are always implicitly requested. -@property(copy) NSSet *requestedScopes; - // Instance used to manage Google Sign In authentication including // sign in, sign out, and requesting additional scopes. @property(strong, readonly) GIDSignIn *signIn; +// A mapping of user IDs to GIDGoogleUser instances to use for follow-up calls. +@property(nonatomic) NSMutableDictionary *usersByIdentifier; + /// Inject @c FlutterPluginRegistrar for testing. - (instancetype)initWithRegistrar:(NSObject *)registrar; diff --git a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/messages.g.h b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/messages.g.h index 745c1ec9180..3f99f2785d0 100644 --- a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/messages.g.h +++ b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/messages.g.h @@ -1,7 +1,7 @@ // Copyright 2013 The Flutter Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// Autogenerated from Pigeon (v11.0.1), do not edit directly. +// Autogenerated from Pigeon (v22.7.4), do not edit directly. // See also: https://pub.dev/packages/pigeon #import @@ -13,29 +13,55 @@ NS_ASSUME_NONNULL_BEGIN -@class FSIInitParams; +/// Enum mapping of known codes from +/// https://developers.google.com/identity/sign-in/ios/reference/Enums/GIDSignInErrorCode +typedef NS_ENUM(NSUInteger, FSIGoogleSignInErrorCode) { + /// Either the underlying kGIDSignInErrorCodeUnknown, or a code that isn't + /// a known code mapped to a value below. + FSIGoogleSignInErrorCodeUnknown = 0, + /// kGIDSignInErrorCodeKeychain; an error reading or writing to keychain. + FSIGoogleSignInErrorCodeKeychainError = 1, + /// kGIDSignInErrorCodeHasNoAuthInKeychain; no auth present in the keychain. + /// + /// For restorePreviousSignIn, this indicates that there is no sign in to + /// restore. + FSIGoogleSignInErrorCodeNoAuthInKeychain = 2, + /// kGIDSignInErrorCodeCanceled; the request was canceled by the user. + FSIGoogleSignInErrorCodeCanceled = 3, + /// kGIDSignInErrorCodeEMM; an enterprise management error occurred. + FSIGoogleSignInErrorCodeEemError = 4, + /// kGIDSignInErrorCodeScopesAlreadyGranted; the requested scopes have already + /// been granted. + FSIGoogleSignInErrorCodeScopesAlreadyGranted = 5, + /// kGIDSignInErrorCodeMismatchWithCurrentUser; an operation was requested on + /// a non-current user. + FSIGoogleSignInErrorCodeUserMismatch = 6, +}; + +/// Wrapper for FSIGoogleSignInErrorCode to allow for nullability. +@interface FSIGoogleSignInErrorCodeBox : NSObject +@property(nonatomic, assign) FSIGoogleSignInErrorCode value; +- (instancetype)initWithValue:(FSIGoogleSignInErrorCode)value; +@end + +@class FSIPlatformConfigurationParams; @class FSIUserData; -@class FSITokenData; +@class FSISignInResult; +@class FSISignInFailure; +@class FSISignInSuccess; -/// Pigeon version of SignInInitParams. -/// -/// See SignInInitParams for details. -@interface FSIInitParams : NSObject -/// `init` unavailable to enforce nonnull fields, see the `make` class method. -- (instancetype)init NS_UNAVAILABLE; -+ (instancetype)makeWithScopes:(NSArray *)scopes - hostedDomain:(nullable NSString *)hostedDomain - clientId:(nullable NSString *)clientId - serverClientId:(nullable NSString *)serverClientId; -@property(nonatomic, strong) NSArray *scopes; -@property(nonatomic, copy, nullable) NSString *hostedDomain; +@interface FSIPlatformConfigurationParams : NSObject ++ (instancetype)makeWithClientId:(nullable NSString *)clientId + serverClientId:(nullable NSString *)serverClientId + hostedDomain:(nullable NSString *)hostedDomain; @property(nonatomic, copy, nullable) NSString *clientId; @property(nonatomic, copy, nullable) NSString *serverClientId; +@property(nonatomic, copy, nullable) NSString *hostedDomain; @end -/// Pigeon version of GoogleSignInUserData. +/// Pigeon version of GoogleSignInUserData + AuthenticationTokenData. /// -/// See GoogleSignInUserData for details. +/// See GoogleSignInUserData and AuthenticationTokenData for details. @interface FSIUserData : NSObject /// `init` unavailable to enforce nonnull fields, see the `make` class method. - (instancetype)init NS_UNAVAILABLE; @@ -43,55 +69,97 @@ NS_ASSUME_NONNULL_BEGIN email:(NSString *)email userId:(NSString *)userId photoUrl:(nullable NSString *)photoUrl - serverAuthCode:(nullable NSString *)serverAuthCode idToken:(nullable NSString *)idToken; @property(nonatomic, copy, nullable) NSString *displayName; @property(nonatomic, copy) NSString *email; @property(nonatomic, copy) NSString *userId; @property(nonatomic, copy, nullable) NSString *photoUrl; -@property(nonatomic, copy, nullable) NSString *serverAuthCode; @property(nonatomic, copy, nullable) NSString *idToken; @end -/// Pigeon version of GoogleSignInTokenData. +/// The response from an auth call. +@interface FSISignInResult : NSObject ++ (instancetype)makeWithSuccess:(nullable FSISignInSuccess *)success + error:(nullable FSISignInFailure *)error; +/// The success result, if any. /// -/// See GoogleSignInTokenData for details. -@interface FSITokenData : NSObject -+ (instancetype)makeWithIdToken:(nullable NSString *)idToken - accessToken:(nullable NSString *)accessToken; -@property(nonatomic, copy, nullable) NSString *idToken; -@property(nonatomic, copy, nullable) NSString *accessToken; +/// Exactly one of success and error will be non-nil. +@property(nonatomic, strong, nullable) FSISignInSuccess *success; +/// The error result, if any. +/// +/// Exactly one of success and error will be non-nil. +@property(nonatomic, strong, nullable) FSISignInFailure *error; @end -/// The codec used by FSIGoogleSignInApi. -NSObject *FSIGoogleSignInApiGetCodec(void); +/// An sign in failure. +@interface FSISignInFailure : NSObject +/// `init` unavailable to enforce nonnull fields, see the `make` class method. +- (instancetype)init NS_UNAVAILABLE; ++ (instancetype)makeWithType:(FSIGoogleSignInErrorCode)type + message:(nullable NSString *)message + details:(nullable id)details; +/// The type of failure. +@property(nonatomic, assign) FSIGoogleSignInErrorCode type; +/// The message associated with the failure, if any. +@property(nonatomic, copy, nullable) NSString *message; +/// Extra details about the failure, if any. +@property(nonatomic, strong, nullable) id details; +@end + +/// A successful auth result. +/// +/// Corresponds to the information in a native GIDSignInResult. Because of the +/// structure of the Google Sign In SDK, this has information corresponding to +/// both authn and authz steps, even though incremental authorization is +/// supported. +@interface FSISignInSuccess : NSObject +/// `init` unavailable to enforce nonnull fields, see the `make` class method. +- (instancetype)init NS_UNAVAILABLE; ++ (instancetype)makeWithUser:(FSIUserData *)user + accessToken:(NSString *)accessToken + grantedScopes:(NSArray *)grantedScopes + serverAuthCode:(nullable NSString *)serverAuthCode; +@property(nonatomic, strong) FSIUserData *user; +@property(nonatomic, copy) NSString *accessToken; +@property(nonatomic, copy) NSArray *grantedScopes; +@property(nonatomic, copy, nullable) NSString *serverAuthCode; +@end + +/// The codec used by all APIs. +NSObject *FSIGetMessagesCodec(void); @protocol FSIGoogleSignInApi -/// Initializes a sign in request with the given parameters. -- (void)initializeSignInWithParameters:(FSIInitParams *)params - error:(FlutterError *_Nullable *_Nonnull)error; -/// Starts a silent sign in. -- (void)signInSilentlyWithCompletion:(void (^)(FSIUserData *_Nullable, - FlutterError *_Nullable))completion; +/// Configures the sign in object with application-level parameters. +- (void)configureWithParameters:(FSIPlatformConfigurationParams *)params + error:(FlutterError *_Nullable *_Nonnull)error; +/// Attempts to restore an existing sign-in, if any, with minimal user +/// interaction. +- (void)restorePreviousSignInWithCompletion:(void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion; /// Starts a sign in with user interaction. -- (void)signInWithCompletion:(void (^)(FSIUserData *_Nullable, FlutterError *_Nullable))completion; +- (void)signInWithScopeHint:(NSArray *)scopeHint + nonce:(nullable NSString *)nonce + completion: + (void (^)(FSISignInResult *_Nullable, FlutterError *_Nullable))completion; /// Requests the access token for the current sign in. -- (void)getAccessTokenWithCompletion:(void (^)(FSITokenData *_Nullable, - FlutterError *_Nullable))completion; +- (void)refreshedAuthorizationTokensForUser:(NSString *)userId + completion:(void (^)(FSISignInResult *_Nullable, + FlutterError *_Nullable))completion; +/// Requests authorization of the given additional scopes. +- (void)addScopes:(NSArray *)scopes + forUser:(NSString *)userId + completion:(void (^)(FSISignInResult *_Nullable, FlutterError *_Nullable))completion; /// Signs out the current user. - (void)signOutWithError:(FlutterError *_Nullable *_Nonnull)error; /// Revokes scope grants to the application. - (void)disconnectWithCompletion:(void (^)(FlutterError *_Nullable))completion; -/// Returns whether the user is currently signed in. -/// -/// @return `nil` only when `error != nil`. -- (nullable NSNumber *)isSignedInWithError:(FlutterError *_Nullable *_Nonnull)error; -/// Requests access to the given scopes. -- (void)requestScopes:(NSArray *)scopes - completion:(void (^)(NSNumber *_Nullable, FlutterError *_Nullable))completion; @end -extern void FSIGoogleSignInApiSetup(id binaryMessenger, +extern void SetUpFSIGoogleSignInApi(id binaryMessenger, NSObject *_Nullable api); +extern void SetUpFSIGoogleSignInApiWithSuffix(id binaryMessenger, + NSObject *_Nullable api, + NSString *messageChannelSuffix); + NS_ASSUME_NONNULL_END diff --git a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/messages.g.m b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/messages.g.m index 2ec6ea32d0e..522e8cd26ee 100644 --- a/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/messages.g.m +++ b/packages/google_sign_in/google_sign_in_ios/darwin/google_sign_in_ios/Sources/google_sign_in_ios/messages.g.m @@ -1,7 +1,7 @@ // Copyright 2013 The Flutter Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// Autogenerated from Pigeon (v11.0.1), do not edit directly. +// Autogenerated from Pigeon (v22.7.4), do not edit directly. // See also: https://pub.dev/packages/pigeon #import "./include/google_sign_in_ios/messages.g.h" @@ -16,7 +16,7 @@ #error File requires ARC to be enabled. #endif -static NSArray *wrapResult(id result, FlutterError *error) { +static NSArray *wrapResult(id result, FlutterError *error) { if (error) { return @[ error.code ?: [NSNull null], error.message ?: [NSNull null], error.details ?: [NSNull null] @@ -24,59 +24,79 @@ } return @[ result ?: [NSNull null] ]; } -static id GetNullableObjectAtIndex(NSArray *array, NSInteger key) { + +static id GetNullableObjectAtIndex(NSArray *array, NSInteger key) { id result = array[key]; return (result == [NSNull null]) ? nil : result; } -@interface FSIInitParams () -+ (FSIInitParams *)fromList:(NSArray *)list; -+ (nullable FSIInitParams *)nullableFromList:(NSArray *)list; -- (NSArray *)toList; +/// Enum mapping of known codes from +/// https://developers.google.com/identity/sign-in/ios/reference/Enums/GIDSignInErrorCode +@implementation FSIGoogleSignInErrorCodeBox +- (instancetype)initWithValue:(FSIGoogleSignInErrorCode)value { + self = [super init]; + if (self) { + _value = value; + } + return self; +} +@end + +@interface FSIPlatformConfigurationParams () ++ (FSIPlatformConfigurationParams *)fromList:(NSArray *)list; ++ (nullable FSIPlatformConfigurationParams *)nullableFromList:(NSArray *)list; +- (NSArray *)toList; @end @interface FSIUserData () -+ (FSIUserData *)fromList:(NSArray *)list; -+ (nullable FSIUserData *)nullableFromList:(NSArray *)list; -- (NSArray *)toList; ++ (FSIUserData *)fromList:(NSArray *)list; ++ (nullable FSIUserData *)nullableFromList:(NSArray *)list; +- (NSArray *)toList; @end -@interface FSITokenData () -+ (FSITokenData *)fromList:(NSArray *)list; -+ (nullable FSITokenData *)nullableFromList:(NSArray *)list; -- (NSArray *)toList; +@interface FSISignInResult () ++ (FSISignInResult *)fromList:(NSArray *)list; ++ (nullable FSISignInResult *)nullableFromList:(NSArray *)list; +- (NSArray *)toList; @end -@implementation FSIInitParams -+ (instancetype)makeWithScopes:(NSArray *)scopes - hostedDomain:(nullable NSString *)hostedDomain - clientId:(nullable NSString *)clientId - serverClientId:(nullable NSString *)serverClientId { - FSIInitParams *pigeonResult = [[FSIInitParams alloc] init]; - pigeonResult.scopes = scopes; - pigeonResult.hostedDomain = hostedDomain; +@interface FSISignInFailure () ++ (FSISignInFailure *)fromList:(NSArray *)list; ++ (nullable FSISignInFailure *)nullableFromList:(NSArray *)list; +- (NSArray *)toList; +@end + +@interface FSISignInSuccess () ++ (FSISignInSuccess *)fromList:(NSArray *)list; ++ (nullable FSISignInSuccess *)nullableFromList:(NSArray *)list; +- (NSArray *)toList; +@end + +@implementation FSIPlatformConfigurationParams ++ (instancetype)makeWithClientId:(nullable NSString *)clientId + serverClientId:(nullable NSString *)serverClientId + hostedDomain:(nullable NSString *)hostedDomain { + FSIPlatformConfigurationParams *pigeonResult = [[FSIPlatformConfigurationParams alloc] init]; pigeonResult.clientId = clientId; pigeonResult.serverClientId = serverClientId; + pigeonResult.hostedDomain = hostedDomain; return pigeonResult; } -+ (FSIInitParams *)fromList:(NSArray *)list { - FSIInitParams *pigeonResult = [[FSIInitParams alloc] init]; - pigeonResult.scopes = GetNullableObjectAtIndex(list, 0); - NSAssert(pigeonResult.scopes != nil, @""); - pigeonResult.hostedDomain = GetNullableObjectAtIndex(list, 1); - pigeonResult.clientId = GetNullableObjectAtIndex(list, 2); - pigeonResult.serverClientId = GetNullableObjectAtIndex(list, 3); ++ (FSIPlatformConfigurationParams *)fromList:(NSArray *)list { + FSIPlatformConfigurationParams *pigeonResult = [[FSIPlatformConfigurationParams alloc] init]; + pigeonResult.clientId = GetNullableObjectAtIndex(list, 0); + pigeonResult.serverClientId = GetNullableObjectAtIndex(list, 1); + pigeonResult.hostedDomain = GetNullableObjectAtIndex(list, 2); return pigeonResult; } -+ (nullable FSIInitParams *)nullableFromList:(NSArray *)list { - return (list) ? [FSIInitParams fromList:list] : nil; ++ (nullable FSIPlatformConfigurationParams *)nullableFromList:(NSArray *)list { + return (list) ? [FSIPlatformConfigurationParams fromList:list] : nil; } -- (NSArray *)toList { +- (NSArray *)toList { return @[ - (self.scopes ?: [NSNull null]), - (self.hostedDomain ?: [NSNull null]), - (self.clientId ?: [NSNull null]), - (self.serverClientId ?: [NSNull null]), + self.clientId ?: [NSNull null], + self.serverClientId ?: [NSNull null], + self.hostedDomain ?: [NSNull null], ]; } @end @@ -86,98 +106,175 @@ + (instancetype)makeWithDisplayName:(nullable NSString *)displayName email:(NSString *)email userId:(NSString *)userId photoUrl:(nullable NSString *)photoUrl - serverAuthCode:(nullable NSString *)serverAuthCode idToken:(nullable NSString *)idToken { FSIUserData *pigeonResult = [[FSIUserData alloc] init]; pigeonResult.displayName = displayName; pigeonResult.email = email; pigeonResult.userId = userId; pigeonResult.photoUrl = photoUrl; - pigeonResult.serverAuthCode = serverAuthCode; pigeonResult.idToken = idToken; return pigeonResult; } -+ (FSIUserData *)fromList:(NSArray *)list { ++ (FSIUserData *)fromList:(NSArray *)list { FSIUserData *pigeonResult = [[FSIUserData alloc] init]; pigeonResult.displayName = GetNullableObjectAtIndex(list, 0); pigeonResult.email = GetNullableObjectAtIndex(list, 1); - NSAssert(pigeonResult.email != nil, @""); pigeonResult.userId = GetNullableObjectAtIndex(list, 2); - NSAssert(pigeonResult.userId != nil, @""); pigeonResult.photoUrl = GetNullableObjectAtIndex(list, 3); - pigeonResult.serverAuthCode = GetNullableObjectAtIndex(list, 4); - pigeonResult.idToken = GetNullableObjectAtIndex(list, 5); + pigeonResult.idToken = GetNullableObjectAtIndex(list, 4); return pigeonResult; } -+ (nullable FSIUserData *)nullableFromList:(NSArray *)list { ++ (nullable FSIUserData *)nullableFromList:(NSArray *)list { return (list) ? [FSIUserData fromList:list] : nil; } -- (NSArray *)toList { +- (NSArray *)toList { return @[ - (self.displayName ?: [NSNull null]), - (self.email ?: [NSNull null]), - (self.userId ?: [NSNull null]), - (self.photoUrl ?: [NSNull null]), - (self.serverAuthCode ?: [NSNull null]), - (self.idToken ?: [NSNull null]), + self.displayName ?: [NSNull null], + self.email ?: [NSNull null], + self.userId ?: [NSNull null], + self.photoUrl ?: [NSNull null], + self.idToken ?: [NSNull null], ]; } @end -@implementation FSITokenData -+ (instancetype)makeWithIdToken:(nullable NSString *)idToken - accessToken:(nullable NSString *)accessToken { - FSITokenData *pigeonResult = [[FSITokenData alloc] init]; - pigeonResult.idToken = idToken; +@implementation FSISignInResult ++ (instancetype)makeWithSuccess:(nullable FSISignInSuccess *)success + error:(nullable FSISignInFailure *)error { + FSISignInResult *pigeonResult = [[FSISignInResult alloc] init]; + pigeonResult.success = success; + pigeonResult.error = error; + return pigeonResult; +} ++ (FSISignInResult *)fromList:(NSArray *)list { + FSISignInResult *pigeonResult = [[FSISignInResult alloc] init]; + pigeonResult.success = GetNullableObjectAtIndex(list, 0); + pigeonResult.error = GetNullableObjectAtIndex(list, 1); + return pigeonResult; +} ++ (nullable FSISignInResult *)nullableFromList:(NSArray *)list { + return (list) ? [FSISignInResult fromList:list] : nil; +} +- (NSArray *)toList { + return @[ + self.success ?: [NSNull null], + self.error ?: [NSNull null], + ]; +} +@end + +@implementation FSISignInFailure ++ (instancetype)makeWithType:(FSIGoogleSignInErrorCode)type + message:(nullable NSString *)message + details:(nullable id)details { + FSISignInFailure *pigeonResult = [[FSISignInFailure alloc] init]; + pigeonResult.type = type; + pigeonResult.message = message; + pigeonResult.details = details; + return pigeonResult; +} ++ (FSISignInFailure *)fromList:(NSArray *)list { + FSISignInFailure *pigeonResult = [[FSISignInFailure alloc] init]; + FSIGoogleSignInErrorCodeBox *boxedFSIGoogleSignInErrorCode = GetNullableObjectAtIndex(list, 0); + pigeonResult.type = boxedFSIGoogleSignInErrorCode.value; + pigeonResult.message = GetNullableObjectAtIndex(list, 1); + pigeonResult.details = GetNullableObjectAtIndex(list, 2); + return pigeonResult; +} ++ (nullable FSISignInFailure *)nullableFromList:(NSArray *)list { + return (list) ? [FSISignInFailure fromList:list] : nil; +} +- (NSArray *)toList { + return @[ + [[FSIGoogleSignInErrorCodeBox alloc] initWithValue:self.type], + self.message ?: [NSNull null], + self.details ?: [NSNull null], + ]; +} +@end + +@implementation FSISignInSuccess ++ (instancetype)makeWithUser:(FSIUserData *)user + accessToken:(NSString *)accessToken + grantedScopes:(NSArray *)grantedScopes + serverAuthCode:(nullable NSString *)serverAuthCode { + FSISignInSuccess *pigeonResult = [[FSISignInSuccess alloc] init]; + pigeonResult.user = user; pigeonResult.accessToken = accessToken; + pigeonResult.grantedScopes = grantedScopes; + pigeonResult.serverAuthCode = serverAuthCode; return pigeonResult; } -+ (FSITokenData *)fromList:(NSArray *)list { - FSITokenData *pigeonResult = [[FSITokenData alloc] init]; - pigeonResult.idToken = GetNullableObjectAtIndex(list, 0); ++ (FSISignInSuccess *)fromList:(NSArray *)list { + FSISignInSuccess *pigeonResult = [[FSISignInSuccess alloc] init]; + pigeonResult.user = GetNullableObjectAtIndex(list, 0); pigeonResult.accessToken = GetNullableObjectAtIndex(list, 1); + pigeonResult.grantedScopes = GetNullableObjectAtIndex(list, 2); + pigeonResult.serverAuthCode = GetNullableObjectAtIndex(list, 3); return pigeonResult; } -+ (nullable FSITokenData *)nullableFromList:(NSArray *)list { - return (list) ? [FSITokenData fromList:list] : nil; ++ (nullable FSISignInSuccess *)nullableFromList:(NSArray *)list { + return (list) ? [FSISignInSuccess fromList:list] : nil; } -- (NSArray *)toList { +- (NSArray *)toList { return @[ - (self.idToken ?: [NSNull null]), - (self.accessToken ?: [NSNull null]), + self.user ?: [NSNull null], + self.accessToken ?: [NSNull null], + self.grantedScopes ?: [NSNull null], + self.serverAuthCode ?: [NSNull null], ]; } @end -@interface FSIGoogleSignInApiCodecReader : FlutterStandardReader +@interface FSIMessagesPigeonCodecReader : FlutterStandardReader @end -@implementation FSIGoogleSignInApiCodecReader +@implementation FSIMessagesPigeonCodecReader - (nullable id)readValueOfType:(UInt8)type { switch (type) { - case 128: - return [FSIInitParams fromList:[self readValue]]; - case 129: - return [FSITokenData fromList:[self readValue]]; + case 129: { + NSNumber *enumAsNumber = [self readValue]; + return enumAsNumber == nil + ? nil + : [[FSIGoogleSignInErrorCodeBox alloc] initWithValue:[enumAsNumber integerValue]]; + } case 130: + return [FSIPlatformConfigurationParams fromList:[self readValue]]; + case 131: return [FSIUserData fromList:[self readValue]]; + case 132: + return [FSISignInResult fromList:[self readValue]]; + case 133: + return [FSISignInFailure fromList:[self readValue]]; + case 134: + return [FSISignInSuccess fromList:[self readValue]]; default: return [super readValueOfType:type]; } } @end -@interface FSIGoogleSignInApiCodecWriter : FlutterStandardWriter +@interface FSIMessagesPigeonCodecWriter : FlutterStandardWriter @end -@implementation FSIGoogleSignInApiCodecWriter +@implementation FSIMessagesPigeonCodecWriter - (void)writeValue:(id)value { - if ([value isKindOfClass:[FSIInitParams class]]) { - [self writeByte:128]; - [self writeValue:[value toList]]; - } else if ([value isKindOfClass:[FSITokenData class]]) { + if ([value isKindOfClass:[FSIGoogleSignInErrorCodeBox class]]) { + FSIGoogleSignInErrorCodeBox *box = (FSIGoogleSignInErrorCodeBox *)value; [self writeByte:129]; + [self writeValue:(value == nil ? [NSNull null] : [NSNumber numberWithInteger:box.value])]; + } else if ([value isKindOfClass:[FSIPlatformConfigurationParams class]]) { + [self writeByte:130]; [self writeValue:[value toList]]; } else if ([value isKindOfClass:[FSIUserData class]]) { - [self writeByte:130]; + [self writeByte:131]; + [self writeValue:[value toList]]; + } else if ([value isKindOfClass:[FSISignInResult class]]) { + [self writeByte:132]; + [self writeValue:[value toList]]; + } else if ([value isKindOfClass:[FSISignInFailure class]]) { + [self writeByte:133]; + [self writeValue:[value toList]]; + } else if ([value isKindOfClass:[FSISignInSuccess class]]) { + [self writeByte:134]; [self writeValue:[value toList]]; } else { [super writeValue:value]; @@ -185,66 +282,82 @@ - (void)writeValue:(id)value { } @end -@interface FSIGoogleSignInApiCodecReaderWriter : FlutterStandardReaderWriter +@interface FSIMessagesPigeonCodecReaderWriter : FlutterStandardReaderWriter @end -@implementation FSIGoogleSignInApiCodecReaderWriter +@implementation FSIMessagesPigeonCodecReaderWriter - (FlutterStandardWriter *)writerWithData:(NSMutableData *)data { - return [[FSIGoogleSignInApiCodecWriter alloc] initWithData:data]; + return [[FSIMessagesPigeonCodecWriter alloc] initWithData:data]; } - (FlutterStandardReader *)readerWithData:(NSData *)data { - return [[FSIGoogleSignInApiCodecReader alloc] initWithData:data]; + return [[FSIMessagesPigeonCodecReader alloc] initWithData:data]; } @end -NSObject *FSIGoogleSignInApiGetCodec(void) { +NSObject *FSIGetMessagesCodec(void) { static FlutterStandardMessageCodec *sSharedObject = nil; static dispatch_once_t sPred = 0; dispatch_once(&sPred, ^{ - FSIGoogleSignInApiCodecReaderWriter *readerWriter = - [[FSIGoogleSignInApiCodecReaderWriter alloc] init]; + FSIMessagesPigeonCodecReaderWriter *readerWriter = + [[FSIMessagesPigeonCodecReaderWriter alloc] init]; sSharedObject = [FlutterStandardMessageCodec codecWithReaderWriter:readerWriter]; }); return sSharedObject; } - -void FSIGoogleSignInApiSetup(id binaryMessenger, +void SetUpFSIGoogleSignInApi(id binaryMessenger, NSObject *api) { - /// Initializes a sign in request with the given parameters. + SetUpFSIGoogleSignInApiWithSuffix(binaryMessenger, api, @""); +} + +void SetUpFSIGoogleSignInApiWithSuffix(id binaryMessenger, + NSObject *api, + NSString *messageChannelSuffix) { + messageChannelSuffix = messageChannelSuffix.length > 0 + ? [NSString stringWithFormat:@".%@", messageChannelSuffix] + : @""; + /// Configures the sign in object with application-level parameters. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.init" + initWithName:[NSString + stringWithFormat: + @"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.configure", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(initializeSignInWithParameters:error:)], + NSCAssert([api respondsToSelector:@selector(configureWithParameters:error:)], @"FSIGoogleSignInApi api (%@) doesn't respond to " - @"@selector(initializeSignInWithParameters:error:)", + @"@selector(configureWithParameters:error:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - NSArray *args = message; - FSIInitParams *arg_params = GetNullableObjectAtIndex(args, 0); + NSArray *args = message; + FSIPlatformConfigurationParams *arg_params = GetNullableObjectAtIndex(args, 0); FlutterError *error; - [api initializeSignInWithParameters:arg_params error:&error]; + [api configureWithParameters:arg_params error:&error]; callback(wrapResult(nil, error)); }]; } else { [channel setMessageHandler:nil]; } } - /// Starts a silent sign in. + /// Attempts to restore an existing sign-in, if any, with minimal user + /// interaction. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signInSilently" + initWithName:[NSString stringWithFormat:@"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios." + @"GoogleSignInApi.restorePreviousSignIn", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(signInSilentlyWithCompletion:)], + NSCAssert([api respondsToSelector:@selector(restorePreviousSignInWithCompletion:)], @"FSIGoogleSignInApi api (%@) doesn't respond to " - @"@selector(signInSilentlyWithCompletion:)", + @"@selector(restorePreviousSignInWithCompletion:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - [api signInSilentlyWithCompletion:^(FSIUserData *_Nullable output, - FlutterError *_Nullable error) { + [api restorePreviousSignInWithCompletion:^(FSISignInResult *_Nullable output, + FlutterError *_Nullable error) { callback(wrapResult(output, error)); }]; }]; @@ -255,17 +368,28 @@ void FSIGoogleSignInApiSetup(id binaryMessenger, /// Starts a sign in with user interaction. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signIn" + initWithName: + [NSString + stringWithFormat:@"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signIn", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(signInWithCompletion:)], - @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(signInWithCompletion:)", + NSCAssert([api respondsToSelector:@selector(signInWithScopeHint:nonce:completion:)], + @"FSIGoogleSignInApi api (%@) doesn't respond to " + @"@selector(signInWithScopeHint:nonce:completion:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - [api signInWithCompletion:^(FSIUserData *_Nullable output, FlutterError *_Nullable error) { - callback(wrapResult(output, error)); - }]; + NSArray *args = message; + NSArray *arg_scopeHint = GetNullableObjectAtIndex(args, 0); + NSString *arg_nonce = GetNullableObjectAtIndex(args, 1); + [api signInWithScopeHint:arg_scopeHint + nonce:arg_nonce + completion:^(FSISignInResult *_Nullable output, + FlutterError *_Nullable error) { + callback(wrapResult(output, error)); + }]; }]; } else { [channel setMessageHandler:nil]; @@ -274,100 +398,102 @@ void FSIGoogleSignInApiSetup(id binaryMessenger, /// Requests the access token for the current sign in. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.getAccessToken" + initWithName:[NSString + stringWithFormat:@"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios." + @"GoogleSignInApi.getRefreshedAuthorizationTokens", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(getAccessTokenWithCompletion:)], + NSCAssert([api respondsToSelector:@selector(refreshedAuthorizationTokensForUser:completion:)], @"FSIGoogleSignInApi api (%@) doesn't respond to " - @"@selector(getAccessTokenWithCompletion:)", + @"@selector(refreshedAuthorizationTokensForUser:completion:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - [api getAccessTokenWithCompletion:^(FSITokenData *_Nullable output, - FlutterError *_Nullable error) { - callback(wrapResult(output, error)); - }]; + NSArray *args = message; + NSString *arg_userId = GetNullableObjectAtIndex(args, 0); + [api refreshedAuthorizationTokensForUser:arg_userId + completion:^(FSISignInResult *_Nullable output, + FlutterError *_Nullable error) { + callback(wrapResult(output, error)); + }]; }]; } else { [channel setMessageHandler:nil]; } } - /// Signs out the current user. + /// Requests authorization of the given additional scopes. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signOut" + initWithName:[NSString + stringWithFormat: + @"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.addScopes", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(signOutWithError:)], - @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(signOutWithError:)", + NSCAssert([api respondsToSelector:@selector(addScopes:forUser:completion:)], + @"FSIGoogleSignInApi api (%@) doesn't respond to " + @"@selector(addScopes:forUser:completion:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - FlutterError *error; - [api signOutWithError:&error]; - callback(wrapResult(nil, error)); - }]; - } else { - [channel setMessageHandler:nil]; - } - } - /// Revokes scope grants to the application. - { - FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.disconnect" - binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; - if (api) { - NSCAssert( - [api respondsToSelector:@selector(disconnectWithCompletion:)], - @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(disconnectWithCompletion:)", - api); - [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - [api disconnectWithCompletion:^(FlutterError *_Nullable error) { - callback(wrapResult(nil, error)); - }]; + NSArray *args = message; + NSArray *arg_scopes = GetNullableObjectAtIndex(args, 0); + NSString *arg_userId = GetNullableObjectAtIndex(args, 1); + [api addScopes:arg_scopes + forUser:arg_userId + completion:^(FSISignInResult *_Nullable output, FlutterError *_Nullable error) { + callback(wrapResult(output, error)); + }]; }]; } else { [channel setMessageHandler:nil]; } } - /// Returns whether the user is currently signed in. + /// Signs out the current user. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.isSignedIn" + initWithName:[NSString + stringWithFormat: + @"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signOut", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { - NSCAssert([api respondsToSelector:@selector(isSignedInWithError:)], - @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(isSignedInWithError:)", + NSCAssert([api respondsToSelector:@selector(signOutWithError:)], + @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(signOutWithError:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { FlutterError *error; - NSNumber *output = [api isSignedInWithError:&error]; - callback(wrapResult(output, error)); + [api signOutWithError:&error]; + callback(wrapResult(nil, error)); }]; } else { [channel setMessageHandler:nil]; } } - /// Requests access to the given scopes. + /// Revokes scope grants to the application. { FlutterBasicMessageChannel *channel = [[FlutterBasicMessageChannel alloc] - initWithName:@"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.requestScopes" + initWithName:[NSString + stringWithFormat: + @"%@%@", + @"dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.disconnect", + messageChannelSuffix] binaryMessenger:binaryMessenger - codec:FSIGoogleSignInApiGetCodec()]; + codec:FSIGetMessagesCodec()]; if (api) { NSCAssert( - [api respondsToSelector:@selector(requestScopes:completion:)], - @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(requestScopes:completion:)", + [api respondsToSelector:@selector(disconnectWithCompletion:)], + @"FSIGoogleSignInApi api (%@) doesn't respond to @selector(disconnectWithCompletion:)", api); [channel setMessageHandler:^(id _Nullable message, FlutterReply callback) { - NSArray *args = message; - NSArray *arg_scopes = GetNullableObjectAtIndex(args, 0); - [api requestScopes:arg_scopes - completion:^(NSNumber *_Nullable output, FlutterError *_Nullable error) { - callback(wrapResult(output, error)); - }]; + [api disconnectWithCompletion:^(FlutterError *_Nullable error) { + callback(wrapResult(nil, error)); + }]; }]; } else { [channel setMessageHandler:nil]; diff --git a/packages/google_sign_in/google_sign_in_ios/example/integration_test/google_sign_in_test.dart b/packages/google_sign_in/google_sign_in_ios/example/integration_test/google_sign_in_test.dart index f1388ce86d6..11a312c90f0 100644 --- a/packages/google_sign_in/google_sign_in_ios/example/integration_test/google_sign_in_test.dart +++ b/packages/google_sign_in/google_sign_in_ios/example/integration_test/google_sign_in_test.dart @@ -9,16 +9,28 @@ import 'package:integration_test/integration_test.dart'; void main() { IntegrationTestWidgetsFlutterBinding.ensureInitialized(); - testWidgets('Can initialize the plugin', (WidgetTester tester) async { + testWidgets('Can instantiate the plugin', (WidgetTester tester) async { final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; expect(signIn, isNotNull); }); - testWidgets('Method channel handler is present', (WidgetTester tester) async { - // isSignedIn can be called without initialization, so use it to validate - // that the native method handler is present (e.g., that the channel name - // is correct). - final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; - await expectLater(signIn.isSignedIn(), completes); + testWidgets('Can initialize the plugin', (WidgetTester tester) async { + // This is primarily to validate that the native method handler is present + // and correctly set up to receive messages (i.e., that this doesn't + // throw). + try { + // #docregion IDsInCode + final GoogleSignInPlatform signIn = GoogleSignInPlatform.instance; + await signIn.init(const InitParameters( + // The OAuth client ID of your app. This is required. + clientId: 'Your Client ID', + // If you need to authenticate to a backend server, specify the server's + // OAuth client ID. This is optional. + serverClientId: 'Your Server ID', + )); + // #enddocregion IDsInCode + } catch (e) { + fail('Initialization should succeed'); + } }); } diff --git a/packages/google_sign_in/google_sign_in_ios/example/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme b/packages/google_sign_in/google_sign_in_ios/example/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme index 330fa765f0d..6bf8b2f1ace 100644 --- a/packages/google_sign_in/google_sign_in_ios/example/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme +++ b/packages/google_sign_in/google_sign_in_ios/example/ios/Runner.xcodeproj/xcshareddata/xcschemes/Runner.xcscheme @@ -44,6 +44,7 @@ buildConfiguration = "Debug" selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB" selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB" + customLLDBInitFile = "$(SRCROOT)/Flutter/ephemeral/flutter_lldbinit" shouldUseLaunchSchemeArgsEnv = "YES"> _scopes = [ + 'email', + 'https://www.googleapis.com/auth/contacts.readonly', +]; + void main() { runApp( const MaterialApp( @@ -30,9 +34,10 @@ class SignInDemo extends StatefulWidget { class SignInDemoState extends State { GoogleSignInUserData? _currentUser; + bool _isAuthorized = false; String _contactText = ''; - // Future that completes when `initWithParams` has completed on the sign in - // instance. + String _errorMessage = ''; + // Future that completes when `init` has completed on the sign in instance. Future? _initialization; @override @@ -43,12 +48,7 @@ class SignInDemoState extends State { Future _ensureInitialized() { return _initialization ??= - GoogleSignInPlatform.instance.initWithParams(const SignInInitParameters( - scopes: [ - 'email', - 'https://www.googleapis.com/auth/contacts.readonly', - ], - )) + GoogleSignInPlatform.instance.init(const InitParameters()) ..catchError((dynamic _) { _initialization = null; }); @@ -57,33 +57,71 @@ class SignInDemoState extends State { void _setUser(GoogleSignInUserData? user) { setState(() { _currentUser = user; - if (user != null) { - _handleGetContact(user); - } }); + if (user != null) { + // Try getting contacts, in case authorization is already granted. + _handleGetContact(user); + } } Future _signIn() async { await _ensureInitialized(); - final GoogleSignInUserData? newUser = - await GoogleSignInPlatform.instance.signInSilently(); - _setUser(newUser); + try { + final AuthenticationResults? result = await GoogleSignInPlatform.instance + .attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + _setUser(result?.user); + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = e.code == GoogleSignInExceptionCode.canceled + ? '' + : 'GoogleSignInException ${e.code}: ${e.description}'; + }); + } } - Future> _getAuthHeaders() async { - final GoogleSignInUserData? user = _currentUser; - if (user == null) { - throw StateError('No user signed in'); + Future _handleAuthorizeScopes(GoogleSignInUserData user) async { + try { + final ClientAuthorizationTokenData? tokens = await GoogleSignInPlatform + .instance + .clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: _scopes, + userId: user.id, + email: user.email, + promptIfUnauthorized: true))); + + setState(() { + _isAuthorized = tokens != null; + _errorMessage = ''; + }); + if (_isAuthorized) { + unawaited(_handleGetContact(user)); + } + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = 'GoogleSignInException ${e.code}: ${e.description}'; + }); } + } - final GoogleSignInTokenData response = - await GoogleSignInPlatform.instance.getTokens( - email: user.email, - shouldRecoverAuth: true, - ); + Future?> _getAuthHeaders( + GoogleSignInUserData user) async { + final ClientAuthorizationTokenData? tokens = + await GoogleSignInPlatform.instance.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: _scopes, + userId: user.id, + email: user.email, + promptIfUnauthorized: false))); + if (tokens == null) { + return null; + } return { - 'Authorization': 'Bearer ${response.accessToken}', + 'Authorization': 'Bearer ${tokens.accessToken}', // TODO(kevmoo): Use the correct value once it's available. // See https://github.com/flutter/flutter/issues/80905 'X-Goog-AuthUser': '0', @@ -94,10 +132,17 @@ class SignInDemoState extends State { setState(() { _contactText = 'Loading contact info...'; }); + final Map? headers = await _getAuthHeaders(user); + setState(() { + _isAuthorized = headers != null; + }); + if (headers == null) { + return; + } final http.Response response = await http.get( Uri.parse('https://people.googleapis.com/v1/people/me/connections' '?requestMask.includeField=person.names'), - headers: await _getAuthHeaders(), + headers: headers, ); if (response.statusCode != 200) { setState(() { @@ -119,55 +164,63 @@ class SignInDemoState extends State { Future _handleSignIn() async { try { await _ensureInitialized(); - _setUser(await GoogleSignInPlatform.instance.signIn()); - } catch (error) { - final bool canceled = - error is PlatformException && error.code == 'sign_in_canceled'; - if (!canceled) { - print(error); - } + final AuthenticationResults result = await GoogleSignInPlatform.instance + .authenticate(const AuthenticateParameters()); + _setUser(result.user); + } on GoogleSignInException catch (e) { + setState(() { + _errorMessage = e.code == GoogleSignInExceptionCode.canceled + ? '' + : 'GoogleSignInException ${e.code}: ${e.description}'; + }); } } Future _handleSignOut() async { await _ensureInitialized(); - await GoogleSignInPlatform.instance.disconnect(); + await GoogleSignInPlatform.instance.disconnect(const DisconnectParams()); } Widget _buildBody() { final GoogleSignInUserData? user = _currentUser; - if (user != null) { - return Column( - mainAxisAlignment: MainAxisAlignment.spaceAround, - children: [ + return Column( + mainAxisAlignment: MainAxisAlignment.spaceAround, + children: [ + if (user != null) ...[ ListTile( title: Text(user.displayName ?? ''), subtitle: Text(user.email), ), const Text('Signed in successfully.'), - Text(_contactText), ElevatedButton( onPressed: _handleSignOut, child: const Text('SIGN OUT'), ), - ElevatedButton( - child: const Text('REFRESH'), - onPressed: () => _handleGetContact(user), - ), - ], - ); - } else { - return Column( - mainAxisAlignment: MainAxisAlignment.spaceAround, - children: [ + if (_isAuthorized) ...[ + // The user has Authorized all required scopes. + if (_contactText.isNotEmpty) Text(_contactText), + ElevatedButton( + child: const Text('REFRESH'), + onPressed: () => _handleGetContact(user), + ), + ] else ...[ + // The user has NOT Authorized all required scopes. + const Text('Authorization needed to read your contacts.'), + ElevatedButton( + onPressed: () => _handleAuthorizeScopes(user), + child: const Text('REQUEST PERMISSIONS'), + ), + ], + ] else ...[ const Text('You are not currently signed in.'), ElevatedButton( onPressed: _handleSignIn, child: const Text('SIGN IN'), ), ], - ); - } + if (_errorMessage.isNotEmpty) Text(_errorMessage), + ], + ); } @override diff --git a/packages/google_sign_in/google_sign_in_ios/example/pubspec.yaml b/packages/google_sign_in/google_sign_in_ios/example/pubspec.yaml index 634edfa6364..4b53bc236a8 100644 --- a/packages/google_sign_in/google_sign_in_ios/example/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_ios/example/pubspec.yaml @@ -16,7 +16,7 @@ dependencies: # The example app is bundled with the plugin so we use a path dependency on # the parent directory to use the current plugin's version. path: ../ - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 http: ">=0.13.0 <2.0.0" dev_dependencies: diff --git a/packages/google_sign_in/google_sign_in_ios/lib/google_sign_in_ios.dart b/packages/google_sign_in/google_sign_in_ios/lib/google_sign_in_ios.dart index 652ead516a0..b5970ee0a17 100644 --- a/packages/google_sign_in/google_sign_in_ios/lib/google_sign_in_ios.dart +++ b/packages/google_sign_in/google_sign_in_ios/lib/google_sign_in_ios.dart @@ -5,7 +5,6 @@ import 'dart:async'; import 'package:flutter/foundation.dart' show visibleForTesting; -import 'package:flutter/services.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'src/messages.g.dart'; @@ -19,101 +18,237 @@ class GoogleSignInIOS extends GoogleSignInPlatform { final GoogleSignInApi _api; + String? _nonce; + /// Registers this class as the default instance of [GoogleSignInPlatform]. static void registerWith() { GoogleSignInPlatform.instance = GoogleSignInIOS(); } @override - Future init({ - List scopes = const [], - SignInOption signInOption = SignInOption.standard, - String? hostedDomain, - String? clientId, - }) { - return initWithParams(SignInInitParameters( - signInOption: signInOption, - scopes: scopes, - hostedDomain: hostedDomain, - clientId: clientId, - )); + Future init(InitParameters params) async { + _nonce = params.nonce; + await _api.configure(PlatformConfigurationParams( + clientId: params.clientId, + serverClientId: params.serverClientId, + hostedDomain: params.hostedDomain)); } @override - Future initWithParams(SignInInitParameters params) { - if (params.signInOption == SignInOption.games) { - throw PlatformException( - code: 'unsupported-options', - message: 'Games sign in is not supported on iOS'); + Future attemptLightweightAuthentication( + AttemptLightweightAuthenticationParameters params) async { + final SignInResult result = await _api.restorePreviousSignIn(); + + if (result.error?.type == GoogleSignInErrorCode.noAuthInKeychain) { + return null; } - if (params.forceAccountName != null) { - throw ArgumentError('Force account name is not supported on iOS'); + + final SignInFailure? failure = result.error; + if (failure != null) { + throw GoogleSignInException( + code: _exceptionCodeForErrorPlatformErrorCode(failure.type), + description: failure.message, + details: failure.details); } - return _api.init(InitParams( - scopes: params.scopes, - hostedDomain: params.hostedDomain, - clientId: params.clientId, - serverClientId: params.serverClientId, - )); - } - @override - Future signInSilently() { - return _api.signInSilently().then(_signInUserDataFromChannelData); + // The native code must never return a null success and a null error. + // Switching the native implementation to Swift and using sealed classes + // in the Pigeon definition (see Android's messages.dart) will allow + // enforcing this via the type system instead of force unwrapping. + final SignInSuccess success = result.success!; + return _authenticationResultsFromSignInSuccess(success); } @override - Future signIn() { - return _api.signIn().then(_signInUserDataFromChannelData); - } + bool supportsAuthenticate() => true; @override - Future getTokens( - {required String email, bool? shouldRecoverAuth = true}) { - return _api.getAccessToken().then(_signInTokenDataFromChannelData); + Future authenticate( + AuthenticateParameters params) async { + final SignInResult result = await _api.signIn(params.scopeHint, _nonce); + + // This should never happen; the corresponding native error code is + // documented as being specific to restorePreviousSignIn. + if (result.error?.type == GoogleSignInErrorCode.noAuthInKeychain) { + throw const GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: 'No auth reported during interactive sign in.'); + } + + final SignInFailure? failure = result.error; + if (failure != null) { + throw GoogleSignInException( + code: _exceptionCodeForErrorPlatformErrorCode(failure.type), + description: failure.message, + details: failure.details); + } + + // The native code must never return a null success and a null error. + // Switching the native implementation to Swift and using sealed classes + // in the Pigeon definition (see Android's messages.dart) will allow + // enforcing this via the type system instead of force unwrapping. + final SignInSuccess success = result.success!; + return _authenticationResultsFromSignInSuccess(success); } @override - Future signOut() { + Future signOut(SignOutParams params) { return _api.signOut(); } @override - Future disconnect() { - return _api.disconnect(); + Future disconnect(DisconnectParams params) async { + await _api.disconnect(); + await signOut(const SignOutParams()); } @override - Future isSignedIn() { - return _api.isSignedIn(); - } + bool authorizationRequiresUserInteraction() => false; @override - Future clearAuthCache({required String token}) async { - // There's nothing to be done here on iOS since the expired/invalid - // tokens are refreshed automatically by getTokens. + Future clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters params) async { + final String? accessToken = + (await _getAuthorizationTokens(params.request)).accessToken; + return accessToken == null + ? null + : ClientAuthorizationTokenData(accessToken: accessToken); } @override - Future requestScopes(List scopes) { - return _api.requestScopes(scopes); + Future serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters params) async { + final String? serverAuthCode = + (await _getAuthorizationTokens(params.request)).serverAuthCode; + return serverAuthCode == null + ? null + : ServerAuthorizationTokenData(serverAuthCode: serverAuthCode); } - GoogleSignInUserData _signInUserDataFromChannelData(UserData data) { - return GoogleSignInUserData( - email: data.email, - id: data.userId, - displayName: data.displayName, - photoUrl: data.photoUrl, - serverAuthCode: data.serverAuthCode, - idToken: data.idToken, - ); + Future<({String? accessToken, String? serverAuthCode})> + _getAuthorizationTokens(AuthorizationRequestDetails request) async { + String? userId = request.userId; + + // The Google Sign In SDK requires authentication before authorization, so + // if the authentication isn't associated with an existing sign-in user + // run the authentication flow first. + if (userId == null) { + SignInResult result = await _api.restorePreviousSignIn(); + final SignInSuccess? success = result.success; + if (success == null) { + // There's no existing sign-in to use, so return the results of the + // combined authn+authz flow, if prompting is allowed. + if (request.promptIfUnauthorized) { + result = await _api.signIn(request.scopes, _nonce); + return _processAuthorizationResult(result); + } else { + // No existing authentication, and no prompting allowed, so return + // no tokens. + return (accessToken: null, serverAuthCode: null); + } + } else { + // Discard the authentication information, and extract the user ID to + // pass back to the authorization step so that it can re-associate + // with the currently signed in user on the native side. + userId = success.user.userId; + } + } + + final bool useExistingAuthorization = !request.promptIfUnauthorized; + SignInResult result = useExistingAuthorization + ? await _api.getRefreshedAuthorizationTokens(userId) + : await _api.addScopes(request.scopes, userId); + if (!useExistingAuthorization && + result.error?.type == GoogleSignInErrorCode.scopesAlreadyGranted) { + // The Google Sign In SDK returns an error when requesting scopes that are + // already authorized, so in that case request updated tokens instead to + // construct a valid token response. + result = await _api.getRefreshedAuthorizationTokens(userId); + } + if (result.error?.type == GoogleSignInErrorCode.noAuthInKeychain) { + return (accessToken: null, serverAuthCode: null); + } + + // If re-using an existing authorization, ensure that it has all of the + // requested scopes before returning it, as the list of requested scopes + // may have changed since the last authorization. + if (useExistingAuthorization) { + final SignInSuccess? success = result.success; + // Don't validate the OpenID Connect scopes (see + // https://developers.google.com/identity/protocols/oauth2/scopes#openid-connect + // for details), as they should always be available, and the granted + // scopes may not report them with the same string as the request. + // For example, requesting 'email' can instead result in the grant + // 'https://www.googleapis.com/auth/userinfo.email'. + const Set openIdConnectScopes = { + 'email', + 'openid', + 'profile' + }; + if (success != null) { + if (request.scopes.any((String scope) => + !openIdConnectScopes.contains(scope) && + !success.grantedScopes.contains(scope))) { + return (accessToken: null, serverAuthCode: null); + } + } + } + + return _processAuthorizationResult(result); } - GoogleSignInTokenData _signInTokenDataFromChannelData(TokenData data) { - return GoogleSignInTokenData( - idToken: data.idToken, - accessToken: data.accessToken, + Future<({String? accessToken, String? serverAuthCode})> + _processAuthorizationResult(SignInResult result) async { + final SignInFailure? failure = result.error; + if (failure != null) { + throw GoogleSignInException( + code: _exceptionCodeForErrorPlatformErrorCode(failure.type), + description: failure.message, + details: failure.details); + } + + return _authorizationTokenDataFromSignInSuccess(result.success); + } + + AuthenticationResults _authenticationResultsFromSignInSuccess( + SignInSuccess result) { + final UserData userData = result.user; + final GoogleSignInUserData user = GoogleSignInUserData( + email: userData.email, + id: userData.userId, + displayName: userData.displayName, + photoUrl: userData.photoUrl); + return AuthenticationResults( + user: user, + authenticationTokens: + AuthenticationTokenData(idToken: userData.idToken)); + } + + ({String? accessToken, String? serverAuthCode}) + _authorizationTokenDataFromSignInSuccess(SignInSuccess? result) { + return ( + accessToken: result?.accessToken, + serverAuthCode: result?.serverAuthCode ); } + + GoogleSignInExceptionCode _exceptionCodeForErrorPlatformErrorCode( + GoogleSignInErrorCode code) { + return switch (code) { + GoogleSignInErrorCode.unknown => GoogleSignInExceptionCode.unknownError, + GoogleSignInErrorCode.keychainError => + GoogleSignInExceptionCode.providerConfigurationError, + GoogleSignInErrorCode.canceled => GoogleSignInExceptionCode.canceled, + GoogleSignInErrorCode.eemError => + GoogleSignInExceptionCode.providerConfigurationError, + GoogleSignInErrorCode.userMismatch => + GoogleSignInExceptionCode.userMismatch, + // These should never be mapped to a GoogleSignInException; the caller + // should handle them. + GoogleSignInErrorCode.noAuthInKeychain => throw StateError( + '_exceptionCodeForErrorPlatformErrorCode called with no auth.'), + GoogleSignInErrorCode.scopesAlreadyGranted => throw StateError( + '_exceptionCodeForErrorPlatformErrorCode called with scopes already granted.'), + }; + } } diff --git a/packages/google_sign_in/google_sign_in_ios/lib/src/messages.g.dart b/packages/google_sign_in/google_sign_in_ios/lib/src/messages.g.dart index 21dd2ebf8e2..f4e23701c04 100644 --- a/packages/google_sign_in/google_sign_in_ios/lib/src/messages.g.dart +++ b/packages/google_sign_in/google_sign_in_ios/lib/src/messages.g.dart @@ -1,9 +1,9 @@ // Copyright 2013 The Flutter Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -// Autogenerated from Pigeon (v11.0.1), do not edit directly. +// Autogenerated from Pigeon (v22.7.4), do not edit directly. // See also: https://pub.dev/packages/pigeon -// ignore_for_file: public_member_api_docs, non_constant_identifier_names, avoid_as, unused_import, unnecessary_parenthesis, prefer_null_aware_operators, omit_local_variable_types, unused_shown_name, unnecessary_import +// ignore_for_file: public_member_api_docs, non_constant_identifier_names, avoid_as, unused_import, unnecessary_parenthesis, prefer_null_aware_operators, omit_local_variable_types, unused_shown_name, unnecessary_import, no_leading_underscores_for_local_identifiers import 'dart:async'; import 'dart:typed_data' show Float64List, Int32List, Int64List, Uint8List; @@ -11,55 +11,84 @@ import 'dart:typed_data' show Float64List, Int32List, Int64List, Uint8List; import 'package:flutter/foundation.dart' show ReadBuffer, WriteBuffer; import 'package:flutter/services.dart'; -/// Pigeon version of SignInInitParams. -/// -/// See SignInInitParams for details. -class InitParams { - InitParams({ - required this.scopes, - this.hostedDomain, +PlatformException _createConnectionError(String channelName) { + return PlatformException( + code: 'channel-error', + message: 'Unable to establish connection on channel: "$channelName".', + ); +} + +/// Enum mapping of known codes from +/// https://developers.google.com/identity/sign-in/ios/reference/Enums/GIDSignInErrorCode +enum GoogleSignInErrorCode { + /// Either the underlying kGIDSignInErrorCodeUnknown, or a code that isn't + /// a known code mapped to a value below. + unknown, + + /// kGIDSignInErrorCodeKeychain; an error reading or writing to keychain. + keychainError, + + /// kGIDSignInErrorCodeHasNoAuthInKeychain; no auth present in the keychain. + /// + /// For restorePreviousSignIn, this indicates that there is no sign in to + /// restore. + noAuthInKeychain, + + /// kGIDSignInErrorCodeCanceled; the request was canceled by the user. + canceled, + + /// kGIDSignInErrorCodeEMM; an enterprise management error occurred. + eemError, + + /// kGIDSignInErrorCodeScopesAlreadyGranted; the requested scopes have already + /// been granted. + scopesAlreadyGranted, + + /// kGIDSignInErrorCodeMismatchWithCurrentUser; an operation was requested on + /// a non-current user. + userMismatch, +} + +class PlatformConfigurationParams { + PlatformConfigurationParams({ this.clientId, this.serverClientId, + this.hostedDomain, }); - List scopes; - - String? hostedDomain; - String? clientId; String? serverClientId; + String? hostedDomain; + Object encode() { return [ - scopes, - hostedDomain, clientId, serverClientId, + hostedDomain, ]; } - static InitParams decode(Object result) { + static PlatformConfigurationParams decode(Object result) { result as List; - return InitParams( - scopes: (result[0] as List?)!.cast(), - hostedDomain: result[1] as String?, - clientId: result[2] as String?, - serverClientId: result[3] as String?, + return PlatformConfigurationParams( + clientId: result[0] as String?, + serverClientId: result[1] as String?, + hostedDomain: result[2] as String?, ); } } -/// Pigeon version of GoogleSignInUserData. +/// Pigeon version of GoogleSignInUserData + AuthenticationTokenData. /// -/// See GoogleSignInUserData for details. +/// See GoogleSignInUserData and AuthenticationTokenData for details. class UserData { UserData({ this.displayName, required this.email, required this.userId, this.photoUrl, - this.serverAuthCode, this.idToken, }); @@ -71,8 +100,6 @@ class UserData { String? photoUrl; - String? serverAuthCode; - String? idToken; Object encode() { @@ -81,7 +108,6 @@ class UserData { email, userId, photoUrl, - serverAuthCode, idToken, ]; } @@ -93,53 +119,145 @@ class UserData { email: result[1]! as String, userId: result[2]! as String, photoUrl: result[3] as String?, - serverAuthCode: result[4] as String?, - idToken: result[5] as String?, + idToken: result[4] as String?, ); } } -/// Pigeon version of GoogleSignInTokenData. +/// The response from an auth call. +class SignInResult { + SignInResult({ + this.success, + this.error, + }); + + /// The success result, if any. + /// + /// Exactly one of success and error will be non-nil. + SignInSuccess? success; + + /// The error result, if any. + /// + /// Exactly one of success and error will be non-nil. + SignInFailure? error; + + Object encode() { + return [ + success, + error, + ]; + } + + static SignInResult decode(Object result) { + result as List; + return SignInResult( + success: result[0] as SignInSuccess?, + error: result[1] as SignInFailure?, + ); + } +} + +/// An sign in failure. +class SignInFailure { + SignInFailure({ + required this.type, + this.message, + this.details, + }); + + /// The type of failure. + GoogleSignInErrorCode type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + Object? details; + + Object encode() { + return [ + type, + message, + details, + ]; + } + + static SignInFailure decode(Object result) { + result as List; + return SignInFailure( + type: result[0]! as GoogleSignInErrorCode, + message: result[1] as String?, + details: result[2], + ); + } +} + +/// A successful auth result. /// -/// See GoogleSignInTokenData for details. -class TokenData { - TokenData({ - this.idToken, - this.accessToken, +/// Corresponds to the information in a native GIDSignInResult. Because of the +/// structure of the Google Sign In SDK, this has information corresponding to +/// both authn and authz steps, even though incremental authorization is +/// supported. +class SignInSuccess { + SignInSuccess({ + required this.user, + required this.accessToken, + required this.grantedScopes, + this.serverAuthCode, }); - String? idToken; + UserData user; + + String accessToken; - String? accessToken; + List grantedScopes; + + String? serverAuthCode; Object encode() { return [ - idToken, + user, accessToken, + grantedScopes, + serverAuthCode, ]; } - static TokenData decode(Object result) { + static SignInSuccess decode(Object result) { result as List; - return TokenData( - idToken: result[0] as String?, - accessToken: result[1] as String?, + return SignInSuccess( + user: result[0]! as UserData, + accessToken: result[1]! as String, + grantedScopes: (result[2] as List?)!.cast(), + serverAuthCode: result[3] as String?, ); } } -class _GoogleSignInApiCodec extends StandardMessageCodec { - const _GoogleSignInApiCodec(); +class _PigeonCodec extends StandardMessageCodec { + const _PigeonCodec(); @override void writeValue(WriteBuffer buffer, Object? value) { - if (value is InitParams) { - buffer.putUint8(128); - writeValue(buffer, value.encode()); - } else if (value is TokenData) { + if (value is int) { + buffer.putUint8(4); + buffer.putInt64(value); + } else if (value is GoogleSignInErrorCode) { buffer.putUint8(129); + writeValue(buffer, value.index); + } else if (value is PlatformConfigurationParams) { + buffer.putUint8(130); writeValue(buffer, value.encode()); } else if (value is UserData) { - buffer.putUint8(130); + buffer.putUint8(131); + writeValue(buffer, value.encode()); + } else if (value is SignInResult) { + buffer.putUint8(132); + writeValue(buffer, value.encode()); + } else if (value is SignInFailure) { + buffer.putUint8(133); + writeValue(buffer, value.encode()); + } else if (value is SignInSuccess) { + buffer.putUint8(134); writeValue(buffer, value.encode()); } else { super.writeValue(buffer, value); @@ -149,12 +267,19 @@ class _GoogleSignInApiCodec extends StandardMessageCodec { @override Object? readValueOfType(int type, ReadBuffer buffer) { switch (type) { - case 128: - return InitParams.decode(readValue(buffer)!); case 129: - return TokenData.decode(readValue(buffer)!); + final int? value = readValue(buffer) as int?; + return value == null ? null : GoogleSignInErrorCode.values[value]; case 130: + return PlatformConfigurationParams.decode(readValue(buffer)!); + case 131: return UserData.decode(readValue(buffer)!); + case 132: + return SignInResult.decode(readValue(buffer)!); + case 133: + return SignInFailure.decode(readValue(buffer)!); + case 134: + return SignInSuccess.decode(readValue(buffer)!); default: return super.readValueOfType(type, buffer); } @@ -165,217 +290,210 @@ class GoogleSignInApi { /// Constructor for [GoogleSignInApi]. The [binaryMessenger] named argument is /// available for dependency injection. If it is left null, the default /// BinaryMessenger will be used which routes to the host platform. - GoogleSignInApi({BinaryMessenger? binaryMessenger}) - : _binaryMessenger = binaryMessenger; - final BinaryMessenger? _binaryMessenger; - - static const MessageCodec codec = _GoogleSignInApiCodec(); - - /// Initializes a sign in request with the given parameters. - Future init(InitParams arg_params) async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.init', codec, - binaryMessenger: _binaryMessenger); - final List? replyList = - await channel.send([arg_params]) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { + GoogleSignInApi( + {BinaryMessenger? binaryMessenger, String messageChannelSuffix = ''}) + : pigeonVar_binaryMessenger = binaryMessenger, + pigeonVar_messageChannelSuffix = + messageChannelSuffix.isNotEmpty ? '.$messageChannelSuffix' : ''; + final BinaryMessenger? pigeonVar_binaryMessenger; + + static const MessageCodec pigeonChannelCodec = _PigeonCodec(); + + final String pigeonVar_messageChannelSuffix; + + /// Configures the sign in object with application-level parameters. + Future configure(PlatformConfigurationParams params) async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.configure$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = + await pigeonVar_channel.send([params]) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); } else { return; } } - /// Starts a silent sign in. - Future signInSilently() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signInSilently', - codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { + /// Attempts to restore an existing sign-in, if any, with minimal user + /// interaction. + Future restorePreviousSignIn() async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.restorePreviousSignIn$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = + await pigeonVar_channel.send(null) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); - } else if (replyList[0] == null) { + } else if (pigeonVar_replyList[0] == null) { throw PlatformException( code: 'null-error', message: 'Host platform returned null value for non-null return value.', ); } else { - return (replyList[0] as UserData?)!; + return (pigeonVar_replyList[0] as SignInResult?)!; } } /// Starts a sign in with user interaction. - Future signIn() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signIn', codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { + Future signIn(List scopeHint, String? nonce) async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signIn$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = await pigeonVar_channel + .send([scopeHint, nonce]) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); - } else if (replyList[0] == null) { + } else if (pigeonVar_replyList[0] == null) { throw PlatformException( code: 'null-error', message: 'Host platform returned null value for non-null return value.', ); } else { - return (replyList[0] as UserData?)!; + return (pigeonVar_replyList[0] as SignInResult?)!; } } /// Requests the access token for the current sign in. - Future getAccessToken() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.getAccessToken', - codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { + Future getRefreshedAuthorizationTokens(String userId) async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.getRefreshedAuthorizationTokens$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = + await pigeonVar_channel.send([userId]) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); - } else if (replyList[0] == null) { + } else if (pigeonVar_replyList[0] == null) { throw PlatformException( code: 'null-error', message: 'Host platform returned null value for non-null return value.', ); } else { - return (replyList[0] as TokenData?)!; + return (pigeonVar_replyList[0] as SignInResult?)!; } } - /// Signs out the current user. - Future signOut() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signOut', codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { + /// Requests authorization of the given additional scopes. + Future addScopes(List scopes, String userId) async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.addScopes$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = await pigeonVar_channel + .send([scopes, userId]) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); - } else if (replyList.length > 1) { + } else if (pigeonVar_replyList[0] == null) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: 'null-error', + message: 'Host platform returned null value for non-null return value.', ); } else { - return; + return (pigeonVar_replyList[0] as SignInResult?)!; } } - /// Revokes scope grants to the application. - Future disconnect() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.disconnect', - codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { + /// Signs out the current user. + Future signOut() async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.signOut$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = + await pigeonVar_channel.send(null) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); } else { return; } } - /// Returns whether the user is currently signed in. - Future isSignedIn() async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.isSignedIn', - codec, - binaryMessenger: _binaryMessenger); - final List? replyList = await channel.send(null) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { - throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], - ); - } else if (replyList[0] == null) { - throw PlatformException( - code: 'null-error', - message: 'Host platform returned null value for non-null return value.', - ); - } else { - return (replyList[0] as bool?)!; - } - } - - /// Requests access to the given scopes. - Future requestScopes(List arg_scopes) async { - final BasicMessageChannel channel = BasicMessageChannel( - 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.requestScopes', - codec, - binaryMessenger: _binaryMessenger); - final List? replyList = - await channel.send([arg_scopes]) as List?; - if (replyList == null) { - throw PlatformException( - code: 'channel-error', - message: 'Unable to establish connection on channel.', - ); - } else if (replyList.length > 1) { - throw PlatformException( - code: replyList[0]! as String, - message: replyList[1] as String?, - details: replyList[2], - ); - } else if (replyList[0] == null) { + /// Revokes scope grants to the application. + Future disconnect() async { + final String pigeonVar_channelName = + 'dev.flutter.pigeon.google_sign_in_ios.GoogleSignInApi.disconnect$pigeonVar_messageChannelSuffix'; + final BasicMessageChannel pigeonVar_channel = + BasicMessageChannel( + pigeonVar_channelName, + pigeonChannelCodec, + binaryMessenger: pigeonVar_binaryMessenger, + ); + final List? pigeonVar_replyList = + await pigeonVar_channel.send(null) as List?; + if (pigeonVar_replyList == null) { + throw _createConnectionError(pigeonVar_channelName); + } else if (pigeonVar_replyList.length > 1) { throw PlatformException( - code: 'null-error', - message: 'Host platform returned null value for non-null return value.', + code: pigeonVar_replyList[0]! as String, + message: pigeonVar_replyList[1] as String?, + details: pigeonVar_replyList[2], ); } else { - return (replyList[0] as bool?)!; + return; } } } diff --git a/packages/google_sign_in/google_sign_in_ios/pigeons/messages.dart b/packages/google_sign_in/google_sign_in_ios/pigeons/messages.dart index e7de686ee72..aae37cdf728 100644 --- a/packages/google_sign_in/google_sign_in_ios/pigeons/messages.dart +++ b/packages/google_sign_in/google_sign_in_ios/pigeons/messages.dart @@ -7,44 +7,36 @@ import 'package:pigeon/pigeon.dart'; @ConfigurePigeon(PigeonOptions( dartOut: 'lib/src/messages.g.dart', objcHeaderOut: - 'darwin/google_sign_in_ios/Sources/google_sign_in/include/google_sign_in/messages.g.h', + 'darwin/google_sign_in_ios/Sources/google_sign_in_ios/include/google_sign_in_ios/messages.g.h', objcSourceOut: - 'darwin/google_sign_in_ios/Sources/google_sign_in/messages.g.m', + 'darwin/google_sign_in_ios/Sources/google_sign_in_ios/messages.g.m', objcOptions: ObjcOptions( prefix: 'FSI', - headerIncludePath: './include/google_sign_in/messages.g.h', + headerIncludePath: './include/google_sign_in_ios/messages.g.h', ), copyrightHeader: 'pigeons/copyright.txt', )) - -/// Pigeon version of SignInInitParams. -/// -/// See SignInInitParams for details. -class InitParams { - /// The parameters to use when initializing the sign in process. - const InitParams({ - this.scopes = const [], - this.hostedDomain, +class PlatformConfigurationParams { + PlatformConfigurationParams({ this.clientId, this.serverClientId, + this.hostedDomain, }); - final List scopes; - final String? hostedDomain; final String? clientId; final String? serverClientId; + final String? hostedDomain; } -/// Pigeon version of GoogleSignInUserData. +/// Pigeon version of GoogleSignInUserData + AuthenticationTokenData. /// -/// See GoogleSignInUserData for details. +/// See GoogleSignInUserData and AuthenticationTokenData for details. class UserData { UserData({ required this.email, required this.userId, this.displayName, this.photoUrl, - this.serverAuthCode, this.idToken, }); @@ -52,40 +44,110 @@ class UserData { final String email; final String userId; final String? photoUrl; - final String? serverAuthCode; final String? idToken; } -/// Pigeon version of GoogleSignInTokenData. +/// Enum mapping of known codes from +/// https://developers.google.com/identity/sign-in/ios/reference/Enums/GIDSignInErrorCode +enum GoogleSignInErrorCode { + /// Either the underlying kGIDSignInErrorCodeUnknown, or a code that isn't + /// a known code mapped to a value below. + unknown, + + /// kGIDSignInErrorCodeKeychain; an error reading or writing to keychain. + keychainError, + + /// kGIDSignInErrorCodeHasNoAuthInKeychain; no auth present in the keychain. + /// + /// For restorePreviousSignIn, this indicates that there is no sign in to + /// restore. + noAuthInKeychain, + + /// kGIDSignInErrorCodeCanceled; the request was canceled by the user. + canceled, + + /// kGIDSignInErrorCodeEMM; an enterprise management error occurred. + eemError, + + /// kGIDSignInErrorCodeScopesAlreadyGranted; the requested scopes have already + /// been granted. + scopesAlreadyGranted, + + /// kGIDSignInErrorCodeMismatchWithCurrentUser; an operation was requested on + /// a non-current user. + userMismatch, +} + +/// The response from an auth call. +// TODO(stuartmorgan): Switch to a sealed base class with two subclasses instead +// of using composition when the plugin is migrated to Swift. +class SignInResult { + /// The success result, if any. + /// + /// Exactly one of success and error will be non-nil. + SignInSuccess? success; + + /// The error result, if any. + /// + /// Exactly one of success and error will be non-nil. + SignInFailure? error; +} + +/// An sign in failure. +class SignInFailure { + /// The type of failure. + late GoogleSignInErrorCode type; + + /// The message associated with the failure, if any. + String? message; + + /// Extra details about the failure, if any. + Object? details; +} + +/// A successful auth result. /// -/// See GoogleSignInTokenData for details. -class TokenData { - TokenData({ - this.idToken, - this.accessToken, - }); +/// Corresponds to the information in a native GIDSignInResult. Because of the +/// structure of the Google Sign In SDK, this has information corresponding to +/// both authn and authz steps, even though incremental authorization is +/// supported. +class SignInSuccess { + late UserData user; - final String? idToken; - final String? accessToken; + late String accessToken; + + late List grantedScopes; + + // This is set only on a new sign in or scope grant, not a restored sign-in. + // See https://github.com/google/GoogleSignIn-iOS/issues/202 + String? serverAuthCode; } @HostApi() abstract class GoogleSignInApi { - /// Initializes a sign in request with the given parameters. - @ObjCSelector('initializeSignInWithParameters:') - void init(InitParams params); + /// Configures the sign in object with application-level parameters. + @ObjCSelector('configureWithParameters:') + void configure(PlatformConfigurationParams params); - /// Starts a silent sign in. + /// Attempts to restore an existing sign-in, if any, with minimal user + /// interaction. @async - UserData signInSilently(); + SignInResult restorePreviousSignIn(); /// Starts a sign in with user interaction. @async - UserData signIn(); + @ObjCSelector('signInWithScopeHint:nonce:') + SignInResult signIn(List scopeHint, String? nonce); /// Requests the access token for the current sign in. @async - TokenData getAccessToken(); + @ObjCSelector('refreshedAuthorizationTokensForUser:') + SignInResult getRefreshedAuthorizationTokens(String userId); + + /// Requests authorization of the given additional scopes. + @async + @ObjCSelector('addScopes:forUser:') + SignInResult addScopes(List scopes, String userId); /// Signs out the current user. void signOut(); @@ -93,12 +155,4 @@ abstract class GoogleSignInApi { /// Revokes scope grants to the application. @async void disconnect(); - - /// Returns whether the user is currently signed in. - bool isSignedIn(); - - /// Requests access to the given scopes. - @async - @ObjCSelector('requestScopes:') - bool requestScopes(List scopes); } diff --git a/packages/google_sign_in/google_sign_in_ios/pubspec.yaml b/packages/google_sign_in/google_sign_in_ios/pubspec.yaml index c6683d84df9..6e5cb025024 100644 --- a/packages/google_sign_in/google_sign_in_ios/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_ios/pubspec.yaml @@ -2,7 +2,7 @@ name: google_sign_in_ios description: iOS implementation of the google_sign_in plugin. repository: https://github.com/flutter/packages/tree/main/packages/google_sign_in/google_sign_in_ios issue_tracker: https://github.com/flutter/flutter/issues?q=is%3Aissue+is%3Aopen+label%3A%22p%3A+google_sign_in%22 -version: 5.9.0 +version: 6.0.0 environment: sdk: ^3.6.0 @@ -24,7 +24,7 @@ flutter: dependencies: flutter: sdk: flutter - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 dev_dependencies: build_runner: ^2.4.6 diff --git a/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.dart b/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.dart index bd9d473a320..153a6c239aa 100644 --- a/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.dart +++ b/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.dart @@ -2,7 +2,6 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -import 'package:flutter/services.dart'; import 'package:flutter_test/flutter_test.dart'; import 'package:google_sign_in_ios/google_sign_in_ios.dart'; import 'package:google_sign_in_ios/src/messages.g.dart'; @@ -12,17 +11,11 @@ import 'package:mockito/mockito.dart'; import 'google_sign_in_ios_test.mocks.dart'; -final GoogleSignInUserData _user = GoogleSignInUserData( - email: 'john.doe@gmail.com', - id: '8162538176523816253123', - photoUrl: 'https://lh5.googleusercontent.com/photo.jpg', - displayName: 'John Doe', - serverAuthCode: '789', - idToken: '123'); - -final GoogleSignInTokenData _token = GoogleSignInTokenData( - idToken: '123', - accessToken: '456', +const GoogleSignInUserData _testUser = GoogleSignInUserData( + email: 'john.doe@gmail.com', + id: '8162538176523816253123', + photoUrl: 'https://lh5.googleusercontent.com/photo.jpg', + displayName: 'John Doe', ); @GenerateMocks([GoogleSignInApi]) @@ -30,11 +23,11 @@ void main() { TestWidgetsFlutterBinding.ensureInitialized(); late GoogleSignInIOS googleSignIn; - late MockGoogleSignInApi api; + late MockGoogleSignInApi mockApi; setUp(() { - api = MockGoogleSignInApi(); - googleSignIn = GoogleSignInIOS(api: api); + mockApi = MockGoogleSignInApi(); + googleSignIn = GoogleSignInIOS(api: mockApi); }); test('registered instance', () { @@ -42,164 +35,982 @@ void main() { expect(GoogleSignInPlatform.instance, isA()); }); - test('init throws for SignInOptions.games', () async { - expect( - () => googleSignIn.init( - hostedDomain: 'example.com', - signInOption: SignInOption.games, - clientId: 'fakeClientId'), - throwsA(isInstanceOf().having( - (PlatformException e) => e.code, 'code', 'unsupported-options'))); - }); - - test('init throws for forceAccountName', () async { - expect( - () => googleSignIn.initWithParams( - const SignInInitParameters( - hostedDomain: 'example.com', - clientId: 'fakeClientId', - forceAccountName: 'fakeEmailAddress@example.com', - ), - ), - throwsA(isInstanceOf().having( - (ArgumentError e) => e.message, - 'message', - 'Force account name is not supported on iOS'))); - }); - - test('signInSilently transforms platform data to GoogleSignInUserData', - () async { - when(api.signInSilently()).thenAnswer((_) async => UserData( - email: _user.email, - userId: _user.id, - photoUrl: _user.photoUrl, - displayName: _user.displayName, - serverAuthCode: _user.serverAuthCode, - idToken: _user.idToken, - )); - - final dynamic response = await googleSignIn.signInSilently(); - - expect(response, _user); - }); + group('support queries', () { + test('reports support for authenticate', () { + expect(googleSignIn.supportsAuthenticate(), true); + }); - test('signInSilently Exceptions -> throws', () async { - when(api.signInSilently()) - .thenAnswer((_) async => throw PlatformException(code: 'fail')); - - expect(googleSignIn.signInSilently(), - throwsA(isInstanceOf())); - }); - - test('signIn transforms platform data to GoogleSignInUserData', () async { - when(api.signIn()).thenAnswer((_) async => UserData( - email: _user.email, - userId: _user.id, - photoUrl: _user.photoUrl, - displayName: _user.displayName, - serverAuthCode: _user.serverAuthCode, - idToken: _user.idToken, - )); - - final dynamic response = await googleSignIn.signIn(); - - expect(response, _user); + test('reports no requirement for user interaction to authorize', () { + expect(googleSignIn.authorizationRequiresUserInteraction(), false); + }); }); - test('signIn Exceptions -> throws', () async { - when(api.signIn()) - .thenAnswer((_) async => throw PlatformException(code: 'fail')); - - expect(googleSignIn.signIn(), throwsA(isInstanceOf())); + group('init', () { + test('passes expected values', () async { + const String clientId = 'aClient'; + const String serverClientId = 'aServerClient'; + const String hostedDomain = 'example.com'; + + await googleSignIn.init(const InitParameters( + clientId: clientId, + serverClientId: serverClientId, + hostedDomain: hostedDomain, + )); + + final VerificationResult verification = + verify(mockApi.configure(captureAny)); + final PlatformConfigurationParams hostParams = + verification.captured[0] as PlatformConfigurationParams; + expect(hostParams.clientId, clientId); + expect(hostParams.serverClientId, serverClientId); + expect(hostParams.hostedDomain, hostedDomain); + }); }); - test('getTokens transforms platform data to GoogleSignInTokenData', () async { - const bool recoverAuth = false; - when(api.getAccessToken()).thenAnswer((_) async => - TokenData(idToken: _token.idToken, accessToken: _token.accessToken)); - - final GoogleSignInTokenData response = await googleSignIn.getTokens( - email: _user.email, shouldRecoverAuth: recoverAuth); - - expect(response, _token); + group('attemptLightweightAuthentication', () { + test('passes success data to caller', () async { + const String idToken = 'idToken'; + when(mockApi.restorePreviousSignIn()) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: idToken, + ), + accessToken: '', + grantedScopes: [], + ))); + + final AuthenticationResults? result = + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + expect(result?.user, _testUser); + expect(result?.authenticationTokens.idToken, idToken); + }); + + test('returns null for missing auth', () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + final AuthenticationResults? result = + await googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); + + expect(result, null); + }); + + test('throws for other errors', () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.keychainError))); + + expect( + googleSignIn.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.providerConfigurationError))); + }); }); - test('clearAuthCache silently no-ops', () async { - expect(googleSignIn.clearAuthCache(token: 'abc'), completes); + group('authenticate', () { + test('passes nonce if provided', () async { + const String nonce = 'nonce'; + when(mockApi.signIn(any, nonce)).thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: [], + ))); + + await googleSignIn.init(const InitParameters(nonce: nonce)); + await googleSignIn.authenticate(const AuthenticateParameters()); + + verify(mockApi.signIn(any, nonce)); + }); + + test('passes success data to caller', () async { + const String idToken = 'idToken'; + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: idToken, + ), + accessToken: '', + grantedScopes: [], + ))); + + final AuthenticationResults result = + await googleSignIn.authenticate(const AuthenticateParameters()); + + expect(result.user, _testUser); + expect(result.authenticationTokens.idToken, idToken); + }); + + test('throws unknown for missing auth', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf() + .having((GoogleSignInException e) => e.code, 'code', + GoogleSignInExceptionCode.unknownError) + .having((GoogleSignInException e) => e.description, 'description', + contains('No auth reported')))); + }); + + test('throws provider configuration error for keychain error', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.keychainError))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.providerConfigurationError))); + }); + + test('throws provider configuration error for EEM error', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.eemError))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.providerConfigurationError))); + }); + + test('throws canceled from SDK', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.canceled))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws user mismatch from SDK', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.userMismatch))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.userMismatch))); + }); + + test('throws unknown from SDK', () async { + when(mockApi.signIn(any, null)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.unknown))); + + expect( + googleSignIn.authenticate(const AuthenticateParameters()), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); }); - test('initWithParams passes arguments', () async { - const SignInInitParameters initParams = SignInInitParameters( - hostedDomain: 'example.com', - scopes: ['two', 'scopes'], - clientId: 'fakeClientId', - ); - - await googleSignIn.init( - hostedDomain: initParams.hostedDomain, - scopes: initParams.scopes, - signInOption: initParams.signInOption, - clientId: initParams.clientId, + group('clientAuthorizationTokensForScopes', () { + // Request details used when the details of the request are not relevant to + // the test. + const AuthorizationRequestDetails defaultAuthRequest = + AuthorizationRequestDetails( + scopes: ['a'], + userId: null, + email: null, + promptIfUnauthorized: false, ); - final VerificationResult result = verify(api.init(captureAny)); - final InitParams passedParams = result.captured[0] as InitParams; - expect(passedParams.hostedDomain, initParams.hostedDomain); - expect(passedParams.scopes, initParams.scopes); - expect(passedParams.clientId, initParams.clientId); - // This should use whatever the SignInInitParameters defaults are. - expect(passedParams.serverClientId, initParams.serverClientId); + test('passes expected values to addScopes if interaction is allowed', + () async { + const List scopes = ['a', 'b']; + when(mockApi.addScopes(any, _testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: scopes, + ))); + + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + final VerificationResult verification = + verify(mockApi.addScopes(captureAny, _testUser.id)); + final List passedScopes = + verification.captured[0] as List; + expect(passedScopes, scopes); + }); + + test( + 'passes expected values to getRefreshedAuthorizationTokens if ' + 'interaction is not allowed', () async { + const List scopes = ['a', 'b']; + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: scopes, + ))); + + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: false, + ))); + + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + }); + + test('attempts to restore previous sign in if no user is provided', + () async { + const List scopes = ['a', 'b']; + final SignInResult signInResult = SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: [], + )); + when(mockApi.restorePreviousSignIn()) + .thenAnswer((_) async => signInResult); + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => signInResult); + + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: false, + ))); + + // With no user ID provided to clientAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and then + // when that succeeds, get the authorization tokens for that user. + verify(mockApi.restorePreviousSignIn()); + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + }); + + test('returns null if unauthenticated and interaction is not allowed', + () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: ['a', 'b'], + userId: null, + email: null, + promptIfUnauthorized: false, + ))); + + // With no user ID provided to clientAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and then + // when that fails, return null since without prompting, there is no way + // to authenticate. + verify(mockApi.restorePreviousSignIn()); + expect(result, null); + }); + + test( + 'attempts to authenticate if no user is provided or already signed in ' + 'and interaction is allowed', () async { + const List scopes = ['a', 'b']; + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + when(mockApi.signIn(scopes, null)).thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: [], + ))); + + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: true, + ))); + + // With no user ID provided to clientAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and when + // that fails, prompt for a combined authn+authz. + verify(mockApi.restorePreviousSignIn()); + verify(mockApi.signIn(scopes, null)); + }); + + test('passes success data to caller when refreshing existing auth', + () async { + const List scopes = ['a', 'b']; + const String accessToken = 'token'; + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: accessToken, + grantedScopes: scopes, + ))); + + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: false, + ))); + + expect(result?.accessToken, accessToken); + }); + + test('passes success data to caller when calling addScopes', () async { + const List scopes = ['a', 'b']; + const String accessToken = 'token'; + when(mockApi.addScopes(scopes, _testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: accessToken, + grantedScopes: scopes, + ))); + + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + expect(result?.accessToken, accessToken); + }); + + test( + 'successfully returns refreshed tokens if addScopes indicates the ' + 'requested scopes are already granted', () async { + const List scopes = ['a', 'b']; + const String accessToken = 'token'; + when(mockApi.addScopes(scopes, _testUser.id)).thenAnswer((_) async => + SignInResult( + error: SignInFailure( + type: GoogleSignInErrorCode.scopesAlreadyGranted))); + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: accessToken, + grantedScopes: scopes, + ))); + + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + verify(mockApi.addScopes(scopes, _testUser.id)); + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + + expect(result?.accessToken, accessToken); + }); + + test('returns null if re-using existing auth and scopes are missing', + () async { + const List requestedScopes = ['a', 'b']; + const List grantedScopes = ['a']; + const String accessToken = 'token'; + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: accessToken, + grantedScopes: grantedScopes, + ))); + + final ClientAuthorizationTokenData? result = + await googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: requestedScopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: false, + ))); + + expect(result, null); + }); + + test('returns null when unauthorized', () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + expect( + await googleSignIn.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + null); + }); + + test('thows canceled from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.canceled))); + + expect( + googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws unknown from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.unknown))); + + expect( + googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); + + test('throws user mismatch from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.userMismatch))); + + expect( + googleSignIn.clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.userMismatch))); + }); }); - test('initWithParams passes arguments', () async { - const SignInInitParameters initParams = SignInInitParameters( - hostedDomain: 'example.com', - scopes: ['two', 'scopes'], - clientId: 'fakeClientId', - serverClientId: 'fakeServerClientId', - forceCodeForRefreshToken: true, + group('serverAuthorizationTokensForScopes', () { + // Request details used when the details of the request are not relevant to + // the test. + const AuthorizationRequestDetails defaultAuthRequest = + AuthorizationRequestDetails( + scopes: ['a'], + userId: null, + email: null, + promptIfUnauthorized: false, ); - await googleSignIn.initWithParams(initParams); - - final VerificationResult result = verify(api.init(captureAny)); - final InitParams passedParams = result.captured[0] as InitParams; - expect(passedParams.hostedDomain, initParams.hostedDomain); - expect(passedParams.scopes, initParams.scopes); - expect(passedParams.clientId, initParams.clientId); - expect(passedParams.serverClientId, initParams.serverClientId); - }); - - test('requestScopes passes arguments', () async { - const List scopes = ['newScope', 'anotherScope']; - when(api.requestScopes(scopes)).thenAnswer((_) async => true); - - final bool response = await googleSignIn.requestScopes(scopes); - - expect(response, true); + test('passes expected values to addScopes if interaction is allowed', + () async { + const List scopes = ['a', 'b']; + when(mockApi.addScopes(any, _testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: scopes, + ))); + + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + final VerificationResult verification = + verify(mockApi.addScopes(captureAny, _testUser.id)); + final List passedScopes = + verification.captured[0] as List; + expect(passedScopes, scopes); + }); + + test( + 'passes expected values to getRefreshedAuthorizationTokens if ' + 'interaction is not allowed', () async { + const List scopes = ['a', 'b']; + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: scopes, + ))); + + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: false, + ))); + + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + }); + + test('attempts to restore previous sign in if no user is provided', + () async { + const List scopes = ['a', 'b']; + final SignInResult signInResult = SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: [], + )); + when(mockApi.restorePreviousSignIn()) + .thenAnswer((_) async => signInResult); + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => signInResult); + + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: false, + ))); + + // With no user ID provided to serverAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and then + // when that succeeds, get the authorization tokens for that user. + verify(mockApi.restorePreviousSignIn()); + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + }); + + test('returns null if unauthenticated and interaction is not allowed', + () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: ['a', 'b'], + userId: null, + email: null, + promptIfUnauthorized: false, + ))); + + // With no user ID provided to serverAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and then + // when that fails, return null since without prompting, there is no way + // to authenticate. + verify(mockApi.restorePreviousSignIn()); + expect(result, null); + }); + + test( + 'attempts to authenticate if no user is provided or already signed in ' + 'and interaction is allowed', () async { + const List scopes = ['a', 'b']; + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + when(mockApi.signIn(scopes, null)).thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: '', + ), + accessToken: '', + grantedScopes: [], + ))); + + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: true, + ))); + + // With no user ID provided to serverAuthorizationTokensForScopes, the + // implementation should attempt to restore an existing sign-in, and when + // that fails, prompt for a combined authn+authz. + verify(mockApi.restorePreviousSignIn()); + verify(mockApi.signIn(scopes, null)); + }); + + test('passes success data to caller when refreshing existing auth', + () async { + const List scopes = ['a', 'b']; + const String serverAuthCode = 'authCode'; + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: 'token', + serverAuthCode: serverAuthCode, + grantedScopes: scopes, + ))); + + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: false, + ))); + + expect(result?.serverAuthCode, serverAuthCode); + }); + + test('passes success data to caller when calling addScopes', () async { + const List scopes = ['a', 'b']; + const String serverAuthCode = 'authCode'; + when(mockApi.addScopes(scopes, _testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: 'token', + serverAuthCode: serverAuthCode, + grantedScopes: scopes, + ))); + + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + expect(result?.serverAuthCode, serverAuthCode); + }); + + test( + 'successfully returns refreshed tokens if addScopes indicates the ' + 'requested scopes are already granted', () async { + const List scopes = ['a', 'b']; + const String serverAuthCode = 'authCode'; + when(mockApi.addScopes(scopes, _testUser.id)).thenAnswer((_) async => + SignInResult( + error: SignInFailure( + type: GoogleSignInErrorCode.scopesAlreadyGranted))); + when(mockApi.getRefreshedAuthorizationTokens(_testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: 'token', + serverAuthCode: serverAuthCode, + grantedScopes: scopes, + ))); + + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + verify(mockApi.addScopes(scopes, _testUser.id)); + verify(mockApi.getRefreshedAuthorizationTokens(_testUser.id)); + + expect(result?.serverAuthCode, serverAuthCode); + }); + + test('returns null if re-using existing auth and scopes are missing', + () async { + const List requestedScopes = ['a', 'b']; + const List grantedScopes = ['a']; + const String accessToken = 'token'; + when(mockApi.addScopes(requestedScopes, _testUser.id)) + .thenAnswer((_) async => SignInResult( + success: SignInSuccess( + user: UserData( + displayName: _testUser.displayName, + email: _testUser.email, + userId: _testUser.id, + photoUrl: _testUser.photoUrl, + idToken: 'idToken', + ), + accessToken: accessToken, + grantedScopes: grantedScopes, + ))); + + final ServerAuthorizationTokenData? result = + await googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: requestedScopes, + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))); + + expect(result, null); + }); + + test('returns null when unauthorized', () async { + when(mockApi.restorePreviousSignIn()).thenAnswer((_) async => + SignInResult( + error: + SignInFailure(type: GoogleSignInErrorCode.noAuthInKeychain))); + + expect( + await googleSignIn.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: defaultAuthRequest)), + null); + }); + + test('thows canceled from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.canceled))); + + expect( + googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.canceled))); + }); + + test('throws unknown from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.unknown))); + + expect( + googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.unknownError))); + }); + + test('throws user mismatch from SDK', () async { + when(mockApi.addScopes(any, any)).thenAnswer((_) async => SignInResult( + error: SignInFailure(type: GoogleSignInErrorCode.userMismatch))); + + expect( + googleSignIn.serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: const ['a'], + userId: _testUser.id, + email: _testUser.email, + promptIfUnauthorized: true, + ))), + throwsA(isInstanceOf().having( + (GoogleSignInException e) => e.code, + 'code', + GoogleSignInExceptionCode.userMismatch))); + }); }); test('signOut calls through', () async { - await googleSignIn.signOut(); + await googleSignIn.signOut(const SignOutParams()); - verify(api.signOut()); + verify(mockApi.signOut()); }); - test('disconnect calls through', () async { - await googleSignIn.disconnect(); + test('disconnect calls through and also signs out', () async { + await googleSignIn.disconnect(const DisconnectParams()); - verify(api.disconnect()); + verifyInOrder(>[ + mockApi.disconnect(), + mockApi.signOut(), + ]); }); - test('isSignedIn passes true response', () async { - when(api.isSignedIn()).thenAnswer((_) async => true); - - expect(await googleSignIn.isSignedIn(), true); - }); - - test('isSignedIn passes false response', () async { - when(api.isSignedIn()).thenAnswer((_) async => false); - - expect(await googleSignIn.isSignedIn(), false); + // Returning null triggers the app-facing package to create stream events, + // per GoogleSignInPlatform docs, so it's important that this returns null + // unless the platform implementation is changed to create all necessary + // notifications. + test('authenticationEvents returns null', () async { + expect(googleSignIn.authenticationEvents, null); }); } diff --git a/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.mocks.dart b/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.mocks.dart index b1414eb4760..7c4871506d3 100644 --- a/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.mocks.dart +++ b/packages/google_sign_in/google_sign_in_ios/test/google_sign_in_ios_test.mocks.dart @@ -1,12 +1,13 @@ -// Mocks generated by Mockito 5.4.4 from annotations +// Mocks generated by Mockito 5.4.5 from annotations // in google_sign_in_ios/test/google_sign_in_ios_test.dart. // Do not manually edit this file. // ignore_for_file: no_leading_underscores_for_library_prefixes -import 'dart:async' as _i3; +import 'dart:async' as _i4; import 'package:google_sign_in_ios/src/messages.g.dart' as _i2; import 'package:mockito/mockito.dart' as _i1; +import 'package:mockito/src/dummies.dart' as _i3; // ignore_for_file: type=lint // ignore_for_file: avoid_redundant_argument_values @@ -16,29 +17,15 @@ import 'package:mockito/mockito.dart' as _i1; // ignore_for_file: deprecated_member_use_from_same_package // ignore_for_file: implementation_imports // ignore_for_file: invalid_use_of_visible_for_testing_member +// ignore_for_file: must_be_immutable // ignore_for_file: prefer_const_constructors // ignore_for_file: unnecessary_parenthesis // ignore_for_file: camel_case_types // ignore_for_file: subtype_of_sealed_class -class _FakeUserData_0 extends _i1.SmartFake implements _i2.UserData { - _FakeUserData_0( - Object parent, - Invocation parentInvocation, - ) : super( - parent, - parentInvocation, - ); -} - -class _FakeTokenData_1 extends _i1.SmartFake implements _i2.TokenData { - _FakeTokenData_1( - Object parent, - Invocation parentInvocation, - ) : super( - parent, - parentInvocation, - ); +class _FakeSignInResult_0 extends _i1.SmartFake implements _i2.SignInResult { + _FakeSignInResult_0(Object parent, Invocation parentInvocation) + : super(parent, parentInvocation); } /// A class which mocks [GoogleSignInApi]. @@ -50,96 +37,85 @@ class MockGoogleSignInApi extends _i1.Mock implements _i2.GoogleSignInApi { } @override - _i3.Future init(_i2.InitParams? arg_params) => (super.noSuchMethod( - Invocation.method( - #init, - [arg_params], + String get pigeonVar_messageChannelSuffix => (super.noSuchMethod( + Invocation.getter(#pigeonVar_messageChannelSuffix), + returnValue: _i3.dummyValue( + this, + Invocation.getter(#pigeonVar_messageChannelSuffix), ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); + ) as String); @override - _i3.Future<_i2.UserData> signInSilently() => (super.noSuchMethod( - Invocation.method( - #signInSilently, - [], - ), - returnValue: _i3.Future<_i2.UserData>.value(_FakeUserData_0( - this, - Invocation.method( - #signInSilently, - [], - ), - )), - ) as _i3.Future<_i2.UserData>); + _i4.Future configure(_i2.PlatformConfigurationParams? params) => + (super.noSuchMethod( + Invocation.method(#configure, [params]), + returnValue: _i4.Future.value(), + returnValueForMissingStub: _i4.Future.value(), + ) as _i4.Future); @override - _i3.Future<_i2.UserData> signIn() => (super.noSuchMethod( - Invocation.method( - #signIn, - [], - ), - returnValue: _i3.Future<_i2.UserData>.value(_FakeUserData_0( - this, - Invocation.method( - #signIn, - [], + _i4.Future<_i2.SignInResult> restorePreviousSignIn() => (super.noSuchMethod( + Invocation.method(#restorePreviousSignIn, []), + returnValue: _i4.Future<_i2.SignInResult>.value( + _FakeSignInResult_0( + this, + Invocation.method(#restorePreviousSignIn, []), ), - )), - ) as _i3.Future<_i2.UserData>); + ), + ) as _i4.Future<_i2.SignInResult>); @override - _i3.Future<_i2.TokenData> getAccessToken() => (super.noSuchMethod( - Invocation.method( - #getAccessToken, - [], - ), - returnValue: _i3.Future<_i2.TokenData>.value(_FakeTokenData_1( - this, - Invocation.method( - #getAccessToken, - [], + _i4.Future<_i2.SignInResult> signIn(List? scopeHint, String? nonce) => + (super.noSuchMethod( + Invocation.method(#signIn, [scopeHint, nonce]), + returnValue: _i4.Future<_i2.SignInResult>.value( + _FakeSignInResult_0( + this, + Invocation.method(#signIn, [scopeHint, nonce]), ), - )), - ) as _i3.Future<_i2.TokenData>); + ), + ) as _i4.Future<_i2.SignInResult>); @override - _i3.Future signOut() => (super.noSuchMethod( - Invocation.method( - #signOut, - [], + _i4.Future<_i2.SignInResult> getRefreshedAuthorizationTokens( + String? userId, + ) => + (super.noSuchMethod( + Invocation.method(#getRefreshedAuthorizationTokens, [userId]), + returnValue: _i4.Future<_i2.SignInResult>.value( + _FakeSignInResult_0( + this, + Invocation.method(#getRefreshedAuthorizationTokens, [userId]), + ), ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); + ) as _i4.Future<_i2.SignInResult>); @override - _i3.Future disconnect() => (super.noSuchMethod( - Invocation.method( - #disconnect, - [], + _i4.Future<_i2.SignInResult> addScopes( + List? scopes, + String? userId, + ) => + (super.noSuchMethod( + Invocation.method(#addScopes, [scopes, userId]), + returnValue: _i4.Future<_i2.SignInResult>.value( + _FakeSignInResult_0( + this, + Invocation.method(#addScopes, [scopes, userId]), + ), ), - returnValue: _i3.Future.value(), - returnValueForMissingStub: _i3.Future.value(), - ) as _i3.Future); + ) as _i4.Future<_i2.SignInResult>); @override - _i3.Future isSignedIn() => (super.noSuchMethod( - Invocation.method( - #isSignedIn, - [], - ), - returnValue: _i3.Future.value(false), - ) as _i3.Future); + _i4.Future signOut() => (super.noSuchMethod( + Invocation.method(#signOut, []), + returnValue: _i4.Future.value(), + returnValueForMissingStub: _i4.Future.value(), + ) as _i4.Future); @override - _i3.Future requestScopes(List? arg_scopes) => - (super.noSuchMethod( - Invocation.method( - #requestScopes, - [arg_scopes], - ), - returnValue: _i3.Future.value(false), - ) as _i3.Future); + _i4.Future disconnect() => (super.noSuchMethod( + Invocation.method(#disconnect, []), + returnValue: _i4.Future.value(), + returnValueForMissingStub: _i4.Future.value(), + ) as _i4.Future); } diff --git a/packages/google_sign_in/google_sign_in_web/CHANGELOG.md b/packages/google_sign_in/google_sign_in_web/CHANGELOG.md index 4f52890653a..7e9920d0b8a 100644 --- a/packages/google_sign_in/google_sign_in_web/CHANGELOG.md +++ b/packages/google_sign_in/google_sign_in_web/CHANGELOG.md @@ -1,5 +1,7 @@ -## NEXT +## 1.0.0 +* **BREAKING CHANGE**: Switches to implementing version 3.0 of the platform + interface package, rather than 2.x, significantly changing the API surface. * Updates minimum supported SDK version to Flutter 3.27/Dart 3.6. ## 0.12.4+4 diff --git a/packages/google_sign_in/google_sign_in_web/README.md b/packages/google_sign_in/google_sign_in_web/README.md index f51d1bd6359..2c226791c92 100644 --- a/packages/google_sign_in/google_sign_in_web/README.md +++ b/packages/google_sign_in/google_sign_in_web/README.md @@ -2,149 +2,8 @@ The web implementation of [google_sign_in](https://pub.dev/packages/google_sign_in) -## Migrating to v0.11 and v0.12 (Google Identity Services) - -The `google_sign_in_web` plugin is backed by the new Google Identity Services -(GIS) JS SDK since version 0.11.0. - -The GIS SDK is used both for [Authentication](https://developers.google.com/identity/gsi/web/guides/overview) -and [Authorization](https://developers.google.com/identity/oauth2/web/guides/overview) flows. - -The GIS SDK, however, doesn't behave exactly like the one being deprecated. -Some concepts have experienced pretty drastic changes, and that's why this -plugin required a major version update. - -### Differences between Google Identity Services SDK and Google Sign-In for Web SDK. - -The **Google Sign-In JavaScript for Web JS SDK** is set to be deprecated after -March 31, 2023. **Google Identity Services (GIS) SDK** is the new solution to -quickly and easily sign users into your app using their Google accounts. - -* In the GIS SDK, Authentication and Authorization are now two separate concerns. - * Authentication (information about the current user) flows will not - authorize `scopes` anymore. - * Authorization (permissions for the app to access certain user information) - flows will not return authentication information. -* The GIS SDK no longer has direct access to previously-seen users upon initialization. - * `signInSilently` now displays the One Tap UX for web. -* **Since 0.12** The plugin provides an `idToken` (JWT-encoded info) when the - user successfully completes an authentication flow: - * In the plugin: `signInSilently` and through the web-only `renderButton` widget. -* The plugin `signIn` method uses the OAuth "Implicit Flow" to Authorize the requested `scopes`. - * This method only provides an `accessToken`, and not an `idToken`, so if your - app needs an `idToken`, this method **should be avoided on the web**. -* The GIS SDK no longer handles sign-in state and user sessions, it only provides - Authentication credentials for the moment the user did authenticate. -* The GIS SDK no longer is able to renew Authorization sessions on the web. - Once the token expires, API requests will begin to fail with unauthorized, - and user Authorization is required again. - -See more differences in the following migration guides: - -* Authentication > [Migrating from Google Sign-In](https://developers.google.com/identity/gsi/web/guides/migration) -* Authorization > [Migrate to Google Identity Services](https://developers.google.com/identity/oauth2/web/guides/migration-to-gis) - -### New use cases to take into account in your app - -#### Authentication != Authorization - -In the GIS SDK, the concepts of Authentication and Authorization have been separated. - -It is possible now to have an Authenticated user that hasn't Authorized any `scopes`. - -Flutter apps that need to run in the web must now handle the fact that an Authenticated -user may not have permissions to access the `scopes` it requires to function. - -The Google Sign In plugin has a new `canAccessScopes` method that can be used to -check if a user is Authorized or not. - -It is also possible that Authorizations expire while users are using an app -(after 3600 seconds), so apps should monitor response failures from the APIs, and -prompt users (interactively) to grant permissions again. - -Check the "Integration considerations > [UX separation for authentication and authorization](https://developers.google.com/identity/gsi/web/guides/integrate#ux_separation_for_authentication_and_authorization) -guide" in the official GIS SDK documentation for more information about this. - -_(See also the [package:google_sign_in example app](https://pub.dev/packages/google_sign_in/example) -for a simple implementation of this (look at the `isAuthorized` variable).)_ - -#### Is this separation *always required*? - -Only if the scopes required by an app are different from the -[OpenID Connect scopes](https://developers.google.com/identity/protocols/oauth2/scopes#openid-connect). - -If an app only needs an `idToken`, or the OpenID Connect scopes, the Authentication -bits of the plugin should be enough for your app (`signInSilently` and `renderButton`). - -### What happened to the `signIn` method on the web? - -Because the GIS SDK for web no longer provides users with the ability to create -their own Sign-In buttons, or an API to start the sign in flow, the current -implementation of `signIn` (that does authorization and authentication) is no -longer feasible on the web. - -The web plugin attempts to simulate the old `signIn` behavior by using the -[OAuth Implicit pop-up flow](https://developers.google.com/identity/oauth2/web/guides/use-token-model), -which authenticates and authorizes users. - -The drawback of this approach is that the OAuth flow **only returns an `accessToken`**, -and a synthetic version of the User Data, that does **not include an `idToken`**. - -The solution to this is to **migrate your custom "Sign In" buttons in the web to -the Button Widget provided by this package: `Widget renderButton()`.** - -_(Check the [package:google_sign_in example app](https://pub.dev/packages/google_sign_in/example) -for an example on how to mix the `renderButton` widget on the web, with a custom -button for the mobile.)_ - -#### Enable access to the People API for your GCP project - -If you want to use the `signIn` method on the web, the plugin will do an additional -request to the PeopleAPI to retrieve the logged-in user information (minus the `idToken`). - -For this to work, you must enable access to the People API on your Client ID in -the GCP console. - -This is **not recommended**. Ideally, your web application should use a mix of -`signInSilently` and the Google Sign In web `renderButton` to authenticate your -users, and then `canAccessScopes` and `requestScopes` to authorize the `scopes` -that are needed. - -#### Why is the `idToken` missing after `signIn`? - -The `idToken` is cryptographically signed by Google Identity Services, and -this plugin can't spoof that signature. - -#### User Sessions - -Since the GIS SDK does _not_ manage user sessions anymore, apps that relied on -this feature might break. - -If long-lived sessions are required, consider using some user authentication -system that supports Google Sign In as a federated Authentication provider, -like [Firebase Auth](https://firebase.google.com/docs/auth/flutter/federated-auth#google), -or similar. - -#### Expired / Invalid Authorization Tokens - -Since the GIS SDK does _not_ auto-renew authorization tokens anymore, it's now -the responsibility of your app to do so. - -Apps now need to monitor the status code of their REST API requests for response -codes different to `200`. For example: - -* `401`: Missing or invalid access token. -* `403`: Expired access token. - -In either case, your app needs to prompt the end user to `requestScopes`, to -**interactively** renew the token. - -The GIS SDK limits authorization token duration to one hour (3600 seconds). - ## Usage -### Import the package - This package is [endorsed](https://flutter.dev/to/endorsed-federated-plugin), which means you can simply use `google_sign_in` normally. This package will be automatically included in your app when you do, @@ -156,7 +15,7 @@ should add it to your `pubspec.yaml` as usual. For example, you need to import this package directly if you plan to use the web-only `Widget renderButton()` method. -### Web integration +## Integration First, go through the instructions [here](https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid) to create your Google Sign-In OAuth client ID. @@ -180,7 +39,7 @@ For local development, you must add two `localhost` entries: * `http://localhost` and * `http://localhost:7357` (or any port that is free in your machine) -#### Starting flutter in http://localhost:7357 +### Starting flutter in http://localhost:7357 Normally `flutter run` starts in a random port. In the case where you need to deal with authentication like the above, that's not the most appropriate behavior. @@ -190,35 +49,49 @@ You can tell `flutter run` to listen for requests in a specific host and port wi flutter run -d chrome --web-hostname localhost --web-port 7357 ``` -### Other APIs - -Read the rest of the instructions if you need to add extra APIs (like Google People API). +## Authentication -### Using the plugin +This implementation returns false for `supportsAuthentication`, and will throw +if `authenticate` is called. This is because the +[Google Identity Services (GIS) SDK](https://developers.google.com/identity/gsi/web/guides/overview) +only allows signing in using UI provided by the SDK. -See the [**Usage** instructions of `package:google_sign_in`](https://pub.dev/packages/google_sign_in#usage) +On the web, instead of providing custom UI that calls `authenticate`, you should +display the Widget returned by `renderButton` (from `web_only.dart`), and listen +to `authenticationEvents` to know when the user has signed in. -Note that the **`serverClientId` parameter of the `GoogleSignIn` constructor is not supported on Web.** +The GIS SDK does not renew authentication sessions. Once the token expires +(after 3600 seconds), if you need to use the `idToken` again you must trigger +a new authentication flow. In most cases, you should use the `idToken` +immediately after authentication, and track sign-in state at the application +level, or via a separate server backend. -## Example +### Migration from versions before 0.12 -Find the example wiring in the [Google sign-in example application](https://github.com/flutter/packages/blob/main/packages/google_sign_in/google_sign_in/example/lib/main.dart). +See [Migrating from Google Sign-In](https://developers.google.com/identity/gsi/web/guides/migration) +for information about the differences between authentication in the GIS SDK and +the SDK used in older versions of this plugin. -## API details - -See [google_sign_in.dart](https://github.com/flutter/packages/blob/main/packages/google_sign_in/google_sign_in/lib/google_sign_in.dart) for more API details. - -## Contributions and Testing +Since the GIS SDK does _not_ manage user sessions anymore, apps that relied on +this feature might break. If long-lived sessions are required, consider using +some user authentication system that supports Google Sign In as a federated +Authentication provider, like +[Firebase Auth](https://firebase.google.com/docs/auth/flutter/federated-auth#google). -Tests are crucial for contributions to this package. All new contributions should be reasonably tested. +## Authorization -**Check the [`test/README.md` file](https://github.com/flutter/packages/blob/main/packages/google_sign_in/google_sign_in_web/test/README.md)** for more information on how to run tests on this package. +The GIS SDK does not renew authorization sessions. Once the token expires +(after 3600 seconds), API requests will begin to fail, and you must re-request +user authorization. For example: -Contributions to this package are welcome. Read the [Contributing to Flutter Plugins](https://github.com/flutter/packages/blob/main/CONTRIBUTING.md) guide to get started. +* `401`: Missing or invalid access token. +* `403`: Expired access token. -## Issues and feedback +See the "Integration considerations > [UX separation for authentication and authorization](https://developers.google.com/identity/gsi/web/guides/integrate#ux_separation_for_authentication_and_authorization) +guide" in the official GIS SDK documentation for more information about this. -Please file [issues](https://github.com/flutter/flutter/issues/new) -to send feedback or report a bug. +### Migration from versions before 0.12 -**Thank you!** +See [Migrate to Google Identity Services](https://developers.google.com/identity/oauth2/web/guides/migration-to-gis) +for information about the differences between authentication in the GIS SDK and +the SDK used in older versions of this plugin. diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.dart index 88b69f26fb5..911c73b3ebf 100644 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.dart +++ b/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.dart @@ -4,19 +4,16 @@ import 'dart:async'; -import 'package:flutter/services.dart' show PlatformException; import 'package:flutter_test/flutter_test.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'package:google_sign_in_web/google_sign_in_web.dart'; import 'package:google_sign_in_web/src/gis_client.dart'; -import 'package:google_sign_in_web/src/people.dart'; import 'package:integration_test/integration_test.dart'; import 'package:mockito/annotations.dart'; import 'package:mockito/mockito.dart' as mockito; import 'package:web/web.dart' as web; import 'google_sign_in_web_test.mocks.dart'; -import 'src/person.dart'; // Mock GisSdkClient so we can simulate any response from the JS side. @GenerateMocks([], customMocks: >[ @@ -54,7 +51,7 @@ void main() { }); }); - group('initWithParams', () { + group('init', () { late GoogleSignInPlugin plugin; late MockGisSdkClient mockGis; @@ -67,10 +64,9 @@ void main() { }); testWidgets('initializes if all is OK', (_) async { - await plugin.initWithParams( - const SignInInitParameters( + await plugin.init( + const InitParameters( clientId: 'some-non-null-client-id', - scopes: ['ok1', 'ok2', 'ok3'], ), ); @@ -79,16 +75,16 @@ void main() { testWidgets('asserts clientId is not null', (_) async { expect(() async { - await plugin.initWithParams( - const SignInInitParameters(), + await plugin.init( + const InitParameters(), ); }, throwsAssertionError); }); testWidgets('asserts serverClientId must be null', (_) async { expect(() async { - await plugin.initWithParams( - const SignInInitParameters( + await plugin.init( + const InitParameters( clientId: 'some-non-null-client-id', serverClientId: 'unexpected-non-null-client-id', ), @@ -96,73 +92,56 @@ void main() { }, throwsAssertionError); }); - testWidgets('asserts no scopes have any spaces', (_) async { - expect(() async { - await plugin.initWithParams( - const SignInInitParameters( - clientId: 'some-non-null-client-id', - scopes: ['ok1', 'ok2', 'not ok', 'ok3'], - ), - ); - }, throwsAssertionError); - }); - - testWidgets('asserts forceAccountName must be null', (_) async { - expect(() async { - await plugin.initWithParams( - const SignInInitParameters( - clientId: 'some-non-null-client-id', - forceAccountName: 'fakeEmailAddress@example.com', - ), - ); - }, throwsAssertionError); - }); - testWidgets('must be called for most of the API to work', (_) async { expect(() async { - await plugin.signInSilently(); + await plugin.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); }, throwsStateError); expect(() async { - await plugin.signIn(); + await plugin.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: [], + userId: null, + email: null, + promptIfUnauthorized: false))); }, throwsStateError); expect(() async { - await plugin.getTokens(email: ''); + await plugin.signOut(const SignOutParams()); }, throwsStateError); expect(() async { - await plugin.signOut(); - }, throwsStateError); - - expect(() async { - await plugin.disconnect(); + await plugin.disconnect(const DisconnectParams()); }, throwsStateError); + }); + }); - expect(() async { - await plugin.isSignedIn(); - }, throwsStateError); + group('support queries', () { + testWidgets('reports lack of support for authenticate', (_) async { + final GoogleSignInPlugin plugin = GoogleSignInPlugin( + debugOverrideLoader: true, + ); - expect(() async { - await plugin.clearAuthCache(token: ''); - }, throwsStateError); + expect(plugin.supportsAuthenticate(), false); + }); - expect(() async { - await plugin.requestScopes([]); - }, throwsStateError); + testWidgets('reports requirement for user interaction to authorize', + (_) async { + final GoogleSignInPlugin plugin = GoogleSignInPlugin( + debugOverrideLoader: true, + ); - expect(() async { - await plugin.canAccessScopes([]); - }, throwsStateError); + expect(plugin.authorizationRequiresUserInteraction(), true); }); }); group('(with mocked GIS)', () { late GoogleSignInPlugin plugin; late MockGisSdkClient mockGis; - const SignInInitParameters options = SignInInitParameters( + const InitParameters options = InitParameters( clientId: 'some-non-null-client-id', - scopes: ['ok1', 'ok2', 'ok3'], ); setUp(() { @@ -173,139 +152,206 @@ void main() { ); }); - group('signInSilently', () { + group('attemptLightweightAuthentication', () { setUp(() { - plugin.initWithParams(options); + plugin.init(options); }); - testWidgets('returns the GIS response', (_) async { - final GoogleSignInUserData someUser = extractUserData(person)!; - + testWidgets('Calls requestOneTap on GIS client', (_) async { mockito - .when(mockGis.signInSilently()) - .thenAnswer((_) => Future.value(someUser)); + .when(mockGis.requestOneTap()) + .thenAnswer((_) => Future.value()); - expect(await plugin.signInSilently(), someUser); + final Future? future = + plugin.attemptLightweightAuthentication( + const AttemptLightweightAuthenticationParameters()); - mockito - .when(mockGis.signInSilently()) - .thenAnswer((_) => Future.value()); + expect(future, null); - expect(await plugin.signInSilently(), isNull); - }); - }); + // Since the implementation intentionally doesn't return a future, just + // given the async call a chance to be made. + await pumpEventQueue(); - group('signIn', () { - setUp(() { - plugin.initWithParams(options); + mockito.verify(mockGis.requestOneTap()); }); + }); - testWidgets('returns the signed-in user', (_) async { - final GoogleSignInUserData someUser = extractUserData(person)!; - - mockito - .when(mockGis.signIn()) - .thenAnswer((_) => Future.value(someUser)); + group('clientAuthorizationTokensForScopes', () { + const String someAccessToken = '50m3_4cc35_70k3n'; + const List scopes = ['scope1', 'scope2']; - expect(await plugin.signIn(), someUser); + setUp(() { + plugin.init(options); }); - testWidgets('returns null if no user is signed in', (_) async { + testWidgets('calls requestScopes on GIS client', (_) async { mockito - .when(mockGis.signIn()) - .thenAnswer((_) => Future.value()); - - expect(await plugin.signIn(), isNull); - }); + .when( + mockGis.requestScopes(mockito.any, + promptIfUnauthorized: + mockito.anyNamed('promptIfUnauthorized'), + userHint: mockito.anyNamed('userHint')), + ) + .thenAnswer((_) => Future.value(someAccessToken)); - testWidgets('converts inner errors to PlatformException', (_) async { - mockito.when(mockGis.signIn()).thenThrow('popup_closed'); + final ClientAuthorizationTokenData? token = + await plugin.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: false))); - try { - await plugin.signIn(); - fail('signIn should have thrown an exception'); - } catch (exception) { - expect(exception, isA()); - expect((exception as PlatformException).code, 'popup_closed'); - } - }); - }); + final List arguments = mockito + .verify( + mockGis.requestScopes(mockito.captureAny, + promptIfUnauthorized: + mockito.captureAnyNamed('promptIfUnauthorized'), + userHint: mockito.captureAnyNamed('userHint')), + ) + .captured; - group('canAccessScopes', () { - const String someAccessToken = '50m3_4cc35_70k3n'; - const List scopes = ['scope1', 'scope2']; + expect(token?.accessToken, someAccessToken); - setUp(() { - plugin.initWithParams(options); + expect(arguments.elementAt(0), scopes); + expect(arguments.elementAt(1), false); + expect(arguments.elementAt(2), null); }); - testWidgets('passes-through call to gis client', (_) async { + testWidgets('passes expected values to requestScopes', (_) async { + const String someUserId = 'someUser'; mockito .when( - mockGis.canAccessScopes(mockito.captureAny, mockito.captureAny), + mockGis.requestScopes(mockito.any, + promptIfUnauthorized: + mockito.anyNamed('promptIfUnauthorized'), + userHint: mockito.anyNamed('userHint')), ) - .thenAnswer((_) => Future.value(true)); + .thenAnswer((_) => Future.value(someAccessToken)); - final bool canAccess = - await plugin.canAccessScopes(scopes, accessToken: someAccessToken); + final ClientAuthorizationTokenData? token = + await plugin.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: scopes, + userId: someUserId, + email: 'someone@example.com', + promptIfUnauthorized: true))); final List arguments = mockito .verify( - mockGis.canAccessScopes(mockito.captureAny, mockito.captureAny), + mockGis.requestScopes(mockito.captureAny, + promptIfUnauthorized: + mockito.captureAnyNamed('promptIfUnauthorized'), + userHint: mockito.captureAnyNamed('userHint')), ) .captured; - expect(canAccess, isTrue); + expect(token?.accessToken, someAccessToken); + + expect(arguments.elementAt(0), scopes); + expect(arguments.elementAt(1), true); + expect(arguments.elementAt(2), someUserId); + }); - expect(arguments.first, scopes); - expect(arguments.elementAt(1), someAccessToken); + testWidgets('asserts no scopes have any spaces', (_) async { + expect( + plugin.clientAuthorizationTokensForScopes( + const ClientAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: ['bad scope', ...scopes], + userId: 'user', + email: 'someone@example.com', + promptIfUnauthorized: true))), + throwsAssertionError); }); }); - group('requestServerAuthCode', () { - const String someAuthCode = '50m3_4u7h_c0d3'; + group('serverAuthorizationTokensForScopes', () { + const String someAuthCode = 'abc123'; + const List scopes = ['scope1', 'scope2']; setUp(() { - plugin.initWithParams(options); + plugin.init(options); }); - testWidgets('passes-through call to gis client', (_) async { + testWidgets('calls requestServerAuthCode on GIS client', (_) async { mockito - .when(mockGis.requestServerAuthCode()) + .when( + mockGis.requestServerAuthCode(mockito.any), + ) .thenAnswer((_) => Future.value(someAuthCode)); - final String? serverAuthCode = await plugin.requestServerAuthCode(); + const AuthorizationRequestDetails request = AuthorizationRequestDetails( + scopes: scopes, + userId: null, + email: null, + promptIfUnauthorized: true); + final ServerAuthorizationTokenData? token = + await plugin.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: request)); + + final List arguments = mockito + .verify(mockGis.requestServerAuthCode(mockito.captureAny)) + .captured; + + expect(token?.serverAuthCode, someAuthCode); + + final AuthorizationRequestDetails passedRequest = + arguments.first! as AuthorizationRequestDetails; + expect(passedRequest.scopes, request.scopes); + expect(passedRequest.userId, request.userId); + expect(passedRequest.email, request.email); + expect( + passedRequest.promptIfUnauthorized, request.promptIfUnauthorized); + }); - expect(serverAuthCode, someAuthCode); + testWidgets('asserts no scopes have any spaces', (_) async { + expect( + plugin.serverAuthorizationTokensForScopes( + const ServerAuthorizationTokensForScopesParameters( + request: AuthorizationRequestDetails( + scopes: ['bad scope', ...scopes], + userId: 'user', + email: 'someone@example.com', + promptIfUnauthorized: true))), + throwsAssertionError); }); }); }); group('userDataEvents', () { - final StreamController controller = - StreamController.broadcast(); + final StreamController controller = + StreamController.broadcast(); late GoogleSignInPlugin plugin; setUp(() { plugin = GoogleSignInPlugin( debugOverrideLoader: true, - debugOverrideUserDataController: controller, + debugAuthenticationController: controller, ); }); testWidgets('accepts async user data events from GIS.', (_) async { - final Future data = plugin.userDataEvents!.first; + final Future event = + plugin.authenticationEvents.first; - final GoogleSignInUserData expected = extractUserData(person)!; + const AuthenticationEvent expected = AuthenticationEventSignIn( + user: + GoogleSignInUserData(email: 'someone@example.com', id: 'user_id'), + authenticationTokens: AuthenticationTokenData(idToken: 'someToken')); controller.add(expected); - expect(await data, expected, + expect(await event, expected, reason: 'Sign-in events should be propagated'); - final Future more = plugin.userDataEvents!.first; - controller.add(null); + final Future nextEvent = + plugin.authenticationEvents.first; + controller.add(AuthenticationEventSignOut()); - expect(await more, isNull, + expect(await nextEvent, isA(), reason: 'Sign-out events can also be propagated'); }); }); diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.mocks.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.mocks.dart index a6b5e9a7183..fd6866e78bb 100644 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.mocks.dart +++ b/packages/google_sign_in/google_sign_in_web/example/integration_test/google_sign_in_web_test.mocks.dart @@ -1,14 +1,14 @@ -// Mocks generated by Mockito 5.4.4 from annotations +// Mocks generated by Mockito 5.4.5 from annotations // in google_sign_in_web_integration_tests/integration_test/google_sign_in_web_test.dart. // Do not manually edit this file. // ignore_for_file: no_leading_underscores_for_library_prefixes -import 'dart:async' as _i4; +import 'dart:async' as _i3; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart' - as _i2; -import 'package:google_sign_in_web/src/button_configuration.dart' as _i5; -import 'package:google_sign_in_web/src/gis_client.dart' as _i3; + as _i5; +import 'package:google_sign_in_web/src/button_configuration.dart' as _i4; +import 'package:google_sign_in_web/src/gis_client.dart' as _i2; import 'package:mockito/mockito.dart' as _i1; // ignore_for_file: type=lint @@ -19,161 +19,73 @@ import 'package:mockito/mockito.dart' as _i1; // ignore_for_file: deprecated_member_use_from_same_package // ignore_for_file: implementation_imports // ignore_for_file: invalid_use_of_visible_for_testing_member +// ignore_for_file: must_be_immutable // ignore_for_file: prefer_const_constructors // ignore_for_file: unnecessary_parenthesis // ignore_for_file: camel_case_types // ignore_for_file: subtype_of_sealed_class -class _FakeGoogleSignInTokenData_0 extends _i1.SmartFake - implements _i2.GoogleSignInTokenData { - _FakeGoogleSignInTokenData_0( - Object parent, - Invocation parentInvocation, - ) : super( - parent, - parentInvocation, - ); -} - /// A class which mocks [GisSdkClient]. /// /// See the documentation for Mockito's code generation for more information. -class MockGisSdkClient extends _i1.Mock implements _i3.GisSdkClient { +class MockGisSdkClient extends _i1.Mock implements _i2.GisSdkClient { @override - _i4.Future<_i2.GoogleSignInUserData?> signInSilently() => (super.noSuchMethod( - Invocation.method( - #signInSilently, - [], - ), - returnValue: _i4.Future<_i2.GoogleSignInUserData?>.value(), - returnValueForMissingStub: - _i4.Future<_i2.GoogleSignInUserData?>.value(), - ) as _i4.Future<_i2.GoogleSignInUserData?>); + void requestOneTap() => super.noSuchMethod( + Invocation.method(#requestOneTap, []), + returnValueForMissingStub: null, + ); @override - _i4.Future renderButton( + _i3.Future renderButton( Object? parent, - _i5.GSIButtonConfiguration? options, + _i4.GSIButtonConfiguration? options, ) => (super.noSuchMethod( - Invocation.method( - #renderButton, - [ - parent, - options, - ], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future requestServerAuthCode() => (super.noSuchMethod( - Invocation.method( - #requestServerAuthCode, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future<_i2.GoogleSignInUserData?> signIn() => (super.noSuchMethod( - Invocation.method( - #signIn, - [], - ), - returnValue: _i4.Future<_i2.GoogleSignInUserData?>.value(), - returnValueForMissingStub: - _i4.Future<_i2.GoogleSignInUserData?>.value(), - ) as _i4.Future<_i2.GoogleSignInUserData?>); - - @override - _i2.GoogleSignInTokenData getTokens() => (super.noSuchMethod( - Invocation.method( - #getTokens, - [], - ), - returnValue: _FakeGoogleSignInTokenData_0( - this, - Invocation.method( - #getTokens, - [], - ), - ), - returnValueForMissingStub: _FakeGoogleSignInTokenData_0( - this, - Invocation.method( - #getTokens, - [], - ), - ), - ) as _i2.GoogleSignInTokenData); + Invocation.method(#renderButton, [parent, options]), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future signOut() => (super.noSuchMethod( - Invocation.method( - #signOut, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); + _i3.Future requestServerAuthCode( + _i5.AuthorizationRequestDetails? request, + ) => + (super.noSuchMethod( + Invocation.method(#requestServerAuthCode, [request]), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future disconnect() => (super.noSuchMethod( - Invocation.method( - #disconnect, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); + _i3.Future signOut() => (super.noSuchMethod( + Invocation.method(#signOut, []), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future isSignedIn() => (super.noSuchMethod( - Invocation.method( - #isSignedIn, - [], - ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); + _i3.Future disconnect() => (super.noSuchMethod( + Invocation.method(#disconnect, []), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future clearAuthCache() => (super.noSuchMethod( - Invocation.method( - #clearAuthCache, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future requestScopes(List? scopes) => (super.noSuchMethod( + _i3.Future requestScopes( + List? scopes, { + required bool? promptIfUnauthorized, + String? userHint, + }) => + (super.noSuchMethod( Invocation.method( #requestScopes, [scopes], + { + #promptIfUnauthorized: promptIfUnauthorized, + #userHint: userHint, + }, ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); - - @override - _i4.Future canAccessScopes( - List? scopes, - String? accessToken, - ) => - (super.noSuchMethod( - Invocation.method( - #canAccessScopes, - [ - scopes, - accessToken, - ], - ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); } diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/people_test.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/people_test.dart deleted file mode 100644 index e81ccb6e95b..00000000000 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/people_test.dart +++ /dev/null @@ -1,132 +0,0 @@ -// Copyright 2013 The Flutter Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -import 'dart:async'; -import 'dart:convert'; - -import 'package:flutter_test/flutter_test.dart'; -import 'package:google_identity_services_web/oauth2.dart'; -import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; -import 'package:google_sign_in_web/src/people.dart'; -import 'package:http/http.dart' as http; -import 'package:http/testing.dart' as http_test; -import 'package:integration_test/integration_test.dart'; - -import 'src/jsify_as.dart'; -import 'src/person.dart'; - -void main() { - IntegrationTestWidgetsFlutterBinding.ensureInitialized(); - - group('requestUserData', () { - const String expectedAccessToken = '3xp3c73d_4cc355_70k3n'; - - final TokenResponse fakeToken = jsifyAs({ - 'token_type': 'Bearer', - 'access_token': expectedAccessToken, - }); - - testWidgets('happy case', (_) async { - final Completer accessTokenCompleter = Completer(); - - final http.Client mockClient = http_test.MockClient( - (http.Request request) async { - accessTokenCompleter.complete(request.headers['Authorization']); - - return http.Response( - jsonEncode(person), - 200, - headers: {'content-type': 'application/json'}, - ); - }, - ); - - final GoogleSignInUserData? user = await requestUserData( - fakeToken, - overrideClient: mockClient, - ); - - expect(user, isNotNull); - expect(user!.email, expectedPersonEmail); - expect(user.id, expectedPersonId); - expect(user.displayName, expectedPersonName); - expect(user.photoUrl, expectedPersonPhoto); - expect(user.idToken, isNull); - expect( - accessTokenCompleter.future, - completion('Bearer $expectedAccessToken'), - ); - }); - - testWidgets('Unauthorized request - throws exception', (_) async { - final http.Client mockClient = http_test.MockClient( - (http.Request request) async { - return http.Response( - 'Unauthorized', - 403, - ); - }, - ); - - expect(() async { - await requestUserData( - fakeToken, - overrideClient: mockClient, - ); - }, throwsA(isA())); - }); - }); - - group('extractUserData', () { - testWidgets('happy case', (_) async { - final GoogleSignInUserData? user = extractUserData(person); - - expect(user, isNotNull); - expect(user!.email, expectedPersonEmail); - expect(user.id, expectedPersonId); - expect(user.displayName, expectedPersonName); - expect(user.photoUrl, expectedPersonPhoto); - expect(user.idToken, isNull); - }); - - testWidgets('no name/photo - keeps going', (_) async { - final Map personWithoutSomeData = - mapWithoutKeys(person, { - 'names', - 'photos', - }); - - final GoogleSignInUserData? user = extractUserData(personWithoutSomeData); - - expect(user, isNotNull); - expect(user!.email, expectedPersonEmail); - expect(user.id, expectedPersonId); - expect(user.displayName, isNull); - expect(user.photoUrl, isNull); - expect(user.idToken, isNull); - }); - - testWidgets('no userId - throws assertion error', (_) async { - final Map personWithoutId = - mapWithoutKeys(person, { - 'resourceName', - }); - - expect(() { - extractUserData(personWithoutId); - }, throwsAssertionError); - }); - - testWidgets('no email - throws assertion error', (_) async { - final Map personWithoutEmail = - mapWithoutKeys(person, { - 'emailAddresses', - }); - - expect(() { - extractUserData(personWithoutEmail); - }, throwsAssertionError); - }); - }); -} diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/src/person.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/src/person.dart deleted file mode 100644 index 2525596eabe..00000000000 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/src/person.dart +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright 2013 The Flutter Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -const String expectedPersonId = '1234567890'; -const String expectedPersonName = 'Vincent Adultman'; -const String expectedPersonEmail = 'adultman@example.com'; -const String expectedPersonPhoto = - 'https://thispersondoesnotexist.com/image?x=.jpg'; - -/// A subset of https://developers.google.com/people/api/rest/v1/people#Person. -final Map person = { - 'resourceName': 'people/$expectedPersonId', - 'emailAddresses': [ - { - 'metadata': { - 'primary': false, - }, - 'value': 'bad@example.com', - }, - { - 'metadata': {}, - 'value': 'nope@example.com', - }, - { - 'metadata': { - 'primary': true, - }, - 'value': expectedPersonEmail, - }, - ], - 'names': [ - { - 'metadata': { - 'primary': true, - }, - 'displayName': expectedPersonName, - }, - { - 'metadata': { - 'primary': false, - }, - 'displayName': 'Fakey McFakeface', - }, - ], - 'photos': [ - { - 'metadata': { - 'primary': true, - }, - 'url': expectedPersonPhoto, - }, - ], -}; - -/// Returns a copy of [map] without the [keysToRemove]. -T mapWithoutKeys>( - T map, - Set keysToRemove, -) { - return Map.fromEntries( - map.entries.where((MapEntry entry) { - return !keysToRemove.contains(entry.key); - }), - ) as T; -} diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/utils_test.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/utils_test.dart index 9dec77b81bd..0914f762cd6 100644 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/utils_test.dart +++ b/packages/google_sign_in/google_sign_in_web/example/integration_test/utils_test.dart @@ -6,7 +6,6 @@ import 'dart:convert'; import 'package:flutter_test/flutter_test.dart'; import 'package:google_identity_services_web/id.dart'; -import 'package:google_identity_services_web/oauth2.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'package:google_sign_in_web/src/utils.dart'; import 'package:integration_test/integration_test.dart'; @@ -17,63 +16,39 @@ import 'src/jwt_examples.dart'; void main() { IntegrationTestWidgetsFlutterBinding.ensureInitialized(); - group('gisResponsesToTokenData', () { - testWidgets('null objects -> no problem', (_) async { - final GoogleSignInTokenData tokens = gisResponsesToTokenData(null, null); - - expect(tokens.accessToken, isNull); - expect(tokens.idToken, isNull); - expect(tokens.serverAuthCode, isNull); - }); - - testWidgets('non-null objects are correctly used', (_) async { - const String expectedIdToken = 'some-value-for-testing'; - const String expectedAccessToken = 'another-value-for-testing'; - - final CredentialResponse credential = - jsifyAs({ - 'credential': expectedIdToken, - }); - final TokenResponse token = jsifyAs({ - 'access_token': expectedAccessToken, - }); - final GoogleSignInTokenData tokens = - gisResponsesToTokenData(credential, token); - - expect(tokens.accessToken, expectedAccessToken); - expect(tokens.idToken, expectedIdToken); - expect(tokens.serverAuthCode, isNull); - }); - }); - - group('gisResponsesToUserData', () { + group('gisResponsesToAuthenticationEvent', () { testWidgets('happy case', (_) async { - final GoogleSignInUserData data = gisResponsesToUserData(goodCredential)!; + final AuthenticationEventSignIn signIn = + gisResponsesToAuthenticationEvent(goodCredential)! + as AuthenticationEventSignIn; + final GoogleSignInUserData data = signIn.user; expect(data.displayName, 'Vincent Adultman'); expect(data.id, '123456'); expect(data.email, 'adultman@example.com'); expect(data.photoUrl, 'https://thispersondoesnotexist.com/image?x=.jpg'); - expect(data.idToken, goodJwtToken); + expect(signIn.authenticationTokens.idToken, goodJwtToken); }); testWidgets('happy case (minimal)', (_) async { - final GoogleSignInUserData data = - gisResponsesToUserData(minimalCredential)!; + final AuthenticationEventSignIn signIn = + gisResponsesToAuthenticationEvent(minimalCredential)! + as AuthenticationEventSignIn; + final GoogleSignInUserData data = signIn.user; expect(data.displayName, isNull); expect(data.id, '123456'); expect(data.email, 'adultman@example.com'); expect(data.photoUrl, isNull); - expect(data.idToken, minimalJwtToken); + expect(signIn.authenticationTokens.idToken, minimalJwtToken); }); testWidgets('null response -> null', (_) async { - expect(gisResponsesToUserData(null), isNull); + expect(gisResponsesToAuthenticationEvent(null), isNull); }); testWidgets('null response.credential -> null', (_) async { - expect(gisResponsesToUserData(nullCredential), isNull); + expect(gisResponsesToAuthenticationEvent(nullCredential), isNull); }); testWidgets('invalid payload -> null', (_) async { @@ -81,7 +56,7 @@ void main() { jsifyAs({ 'credential': 'some-bogus.thing-that-is-not.valid-jwt', }); - expect(gisResponsesToUserData(response), isNull); + expect(gisResponsesToAuthenticationEvent(response), isNull); }); }); diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.dart index 508e291bf2a..f2afcec8f2d 100644 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.dart +++ b/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.dart @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +import 'package:flutter/widgets.dart'; import 'package:flutter_test/flutter_test.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; import 'package:google_sign_in_web/google_sign_in_web.dart' @@ -10,7 +11,7 @@ import 'package:google_sign_in_web/src/gis_client.dart'; import 'package:google_sign_in_web/web_only.dart' as web; import 'package:integration_test/integration_test.dart'; import 'package:mockito/annotations.dart'; -import 'package:mockito/mockito.dart' as mockito; +import 'package:mockito/mockito.dart'; import 'web_only_test.mocks.dart'; @@ -31,42 +32,83 @@ void main() { web.renderButton(); }, throwsAssertionError); }); - - testWidgets('requestServerAuthCode throws', (WidgetTester _) async { - expect(() async { - await web.requestServerAuthCode(); - }, throwsAssertionError); - }); }); group('web plugin instance', () { - const String someAuthCode = '50m3_4u7h_c0d3'; late MockGisSdkClient mockGis; - setUp(() { + setUp(() async { mockGis = MockGisSdkClient(); GoogleSignInPlatform.instance = GoogleSignInPlugin( debugOverrideLoader: true, debugOverrideGisSdkClient: mockGis, - )..initWithParams( - const SignInInitParameters( - clientId: 'does-not-matter', - ), - ); + ); + await GoogleSignInPlatform.instance.init( + const InitParameters( + clientId: 'does-not-matter', + ), + ); }); - testWidgets('call reaches GIS API', (WidgetTester _) async { - mockito - .when(mockGis.requestServerAuthCode()) - .thenAnswer((_) => Future.value(someAuthCode)); + testWidgets('renderButton returns successfully', (WidgetTester _) async { + when(mockGis.renderButton(any, any)) + .thenAnswer((_) => Future.value()); - final String? serverAuthCode = await web.requestServerAuthCode(); + final Widget button = web.renderButton(); - expect(serverAuthCode, someAuthCode); + expect(button, isNotNull); }); }); } /// Fake non-web implementation used to verify that the web_only methods /// throw when the wrong type of instance is configured. -class NonWebImplementation extends GoogleSignInPlatform {} +class NonWebImplementation extends GoogleSignInPlatform { + @override + Future? attemptLightweightAuthentication( + AttemptLightweightAuthenticationParameters params) { + throw UnimplementedError(); + } + + @override + Future authenticate(AuthenticateParameters params) { + throw UnimplementedError(); + } + + @override + Future clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters params) { + throw UnimplementedError(); + } + + @override + Future disconnect(DisconnectParams params) { + throw UnimplementedError(); + } + + @override + Future init(InitParameters params) { + throw UnimplementedError(); + } + + @override + Future serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters params) { + throw UnimplementedError(); + } + + @override + Future signOut(SignOutParams params) { + throw UnimplementedError(); + } + + @override + bool authorizationRequiresUserInteraction() { + throw UnimplementedError(); + } + + @override + bool supportsAuthenticate() { + throw UnimplementedError(); + } +} diff --git a/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.mocks.dart b/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.mocks.dart index e7505d6c8ef..b2b181c0cd8 100644 --- a/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.mocks.dart +++ b/packages/google_sign_in/google_sign_in_web/example/integration_test/web_only_test.mocks.dart @@ -1,14 +1,14 @@ -// Mocks generated by Mockito 5.4.4 from annotations +// Mocks generated by Mockito 5.4.5 from annotations // in google_sign_in_web_integration_tests/integration_test/web_only_test.dart. // Do not manually edit this file. // ignore_for_file: no_leading_underscores_for_library_prefixes -import 'dart:async' as _i4; +import 'dart:async' as _i3; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart' - as _i2; -import 'package:google_sign_in_web/src/button_configuration.dart' as _i5; -import 'package:google_sign_in_web/src/gis_client.dart' as _i3; + as _i5; +import 'package:google_sign_in_web/src/button_configuration.dart' as _i4; +import 'package:google_sign_in_web/src/gis_client.dart' as _i2; import 'package:mockito/mockito.dart' as _i1; // ignore_for_file: type=lint @@ -19,161 +19,73 @@ import 'package:mockito/mockito.dart' as _i1; // ignore_for_file: deprecated_member_use_from_same_package // ignore_for_file: implementation_imports // ignore_for_file: invalid_use_of_visible_for_testing_member +// ignore_for_file: must_be_immutable // ignore_for_file: prefer_const_constructors // ignore_for_file: unnecessary_parenthesis // ignore_for_file: camel_case_types // ignore_for_file: subtype_of_sealed_class -class _FakeGoogleSignInTokenData_0 extends _i1.SmartFake - implements _i2.GoogleSignInTokenData { - _FakeGoogleSignInTokenData_0( - Object parent, - Invocation parentInvocation, - ) : super( - parent, - parentInvocation, - ); -} - /// A class which mocks [GisSdkClient]. /// /// See the documentation for Mockito's code generation for more information. -class MockGisSdkClient extends _i1.Mock implements _i3.GisSdkClient { +class MockGisSdkClient extends _i1.Mock implements _i2.GisSdkClient { @override - _i4.Future<_i2.GoogleSignInUserData?> signInSilently() => (super.noSuchMethod( - Invocation.method( - #signInSilently, - [], - ), - returnValue: _i4.Future<_i2.GoogleSignInUserData?>.value(), - returnValueForMissingStub: - _i4.Future<_i2.GoogleSignInUserData?>.value(), - ) as _i4.Future<_i2.GoogleSignInUserData?>); + void requestOneTap() => super.noSuchMethod( + Invocation.method(#requestOneTap, []), + returnValueForMissingStub: null, + ); @override - _i4.Future renderButton( + _i3.Future renderButton( Object? parent, - _i5.GSIButtonConfiguration? options, + _i4.GSIButtonConfiguration? options, ) => (super.noSuchMethod( - Invocation.method( - #renderButton, - [ - parent, - options, - ], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future requestServerAuthCode() => (super.noSuchMethod( - Invocation.method( - #requestServerAuthCode, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future<_i2.GoogleSignInUserData?> signIn() => (super.noSuchMethod( - Invocation.method( - #signIn, - [], - ), - returnValue: _i4.Future<_i2.GoogleSignInUserData?>.value(), - returnValueForMissingStub: - _i4.Future<_i2.GoogleSignInUserData?>.value(), - ) as _i4.Future<_i2.GoogleSignInUserData?>); - - @override - _i2.GoogleSignInTokenData getTokens() => (super.noSuchMethod( - Invocation.method( - #getTokens, - [], - ), - returnValue: _FakeGoogleSignInTokenData_0( - this, - Invocation.method( - #getTokens, - [], - ), - ), - returnValueForMissingStub: _FakeGoogleSignInTokenData_0( - this, - Invocation.method( - #getTokens, - [], - ), - ), - ) as _i2.GoogleSignInTokenData); + Invocation.method(#renderButton, [parent, options]), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future signOut() => (super.noSuchMethod( - Invocation.method( - #signOut, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); + _i3.Future requestServerAuthCode( + _i5.AuthorizationRequestDetails? request, + ) => + (super.noSuchMethod( + Invocation.method(#requestServerAuthCode, [request]), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future disconnect() => (super.noSuchMethod( - Invocation.method( - #disconnect, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); + _i3.Future signOut() => (super.noSuchMethod( + Invocation.method(#signOut, []), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future isSignedIn() => (super.noSuchMethod( - Invocation.method( - #isSignedIn, - [], - ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); + _i3.Future disconnect() => (super.noSuchMethod( + Invocation.method(#disconnect, []), + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); @override - _i4.Future clearAuthCache() => (super.noSuchMethod( - Invocation.method( - #clearAuthCache, - [], - ), - returnValue: _i4.Future.value(), - returnValueForMissingStub: _i4.Future.value(), - ) as _i4.Future); - - @override - _i4.Future requestScopes(List? scopes) => (super.noSuchMethod( + _i3.Future requestScopes( + List? scopes, { + required bool? promptIfUnauthorized, + String? userHint, + }) => + (super.noSuchMethod( Invocation.method( #requestScopes, [scopes], + { + #promptIfUnauthorized: promptIfUnauthorized, + #userHint: userHint, + }, ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); - - @override - _i4.Future canAccessScopes( - List? scopes, - String? accessToken, - ) => - (super.noSuchMethod( - Invocation.method( - #canAccessScopes, - [ - scopes, - accessToken, - ], - ), - returnValue: _i4.Future.value(false), - returnValueForMissingStub: _i4.Future.value(false), - ) as _i4.Future); + returnValue: _i3.Future.value(), + returnValueForMissingStub: _i3.Future.value(), + ) as _i3.Future); } diff --git a/packages/google_sign_in/google_sign_in_web/example/lib/button_tester.dart b/packages/google_sign_in/google_sign_in_web/example/lib/button_tester.dart index 02b4346e9b8..862afe64e91 100644 --- a/packages/google_sign_in/google_sign_in_web/example/lib/button_tester.dart +++ b/packages/google_sign_in/google_sign_in_web/example/lib/button_tester.dart @@ -14,7 +14,7 @@ import 'src/button_configuration_column.dart'; final GoogleSignInPlatform _platform = GoogleSignInPlatform.instance; Future main() async { - await _platform.initWithParams(const SignInInitParameters( + await _platform.init(const InitParameters( clientId: 'your-client_id.apps.googleusercontent.com', )); runApp( @@ -41,19 +41,21 @@ class _ButtonConfiguratorState extends State { @override void initState() { super.initState(); - _platform.userDataEvents?.listen((GoogleSignInUserData? userData) { + _platform.authenticationEvents?.listen((AuthenticationEvent authEvent) { setState(() { - _userData = userData; + switch (authEvent) { + case AuthenticationEventSignIn(): + _userData = authEvent.user; + case AuthenticationEventSignOut(): + case AuthenticationEventException(): + _userData = null; + } }); }); } void _handleSignOut() { - _platform.signOut(); - setState(() { - // signOut does not broadcast through the userDataEvents, so we fake it. - _userData = null; - }); + _platform.signOut(const SignOutParams()); } void _handleNewWebButtonConfiguration(GSIButtonConfiguration newConfig) { diff --git a/packages/google_sign_in/google_sign_in_web/example/pubspec.yaml b/packages/google_sign_in/google_sign_in_web/example/pubspec.yaml index e46d45cae90..a471462ed06 100644 --- a/packages/google_sign_in/google_sign_in_web/example/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_web/example/pubspec.yaml @@ -10,7 +10,7 @@ dependencies: flutter: sdk: flutter google_identity_services_web: ^0.3.1 - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 google_sign_in_web: path: ../ diff --git a/packages/google_sign_in/google_sign_in_web/lib/google_sign_in_web.dart b/packages/google_sign_in/google_sign_in_web/lib/google_sign_in_web.dart index e6d3abc9e58..1285e60be97 100644 --- a/packages/google_sign_in/google_sign_in_web/lib/google_sign_in_web.dart +++ b/packages/google_sign_in/google_sign_in_web/lib/google_sign_in_web.dart @@ -3,12 +3,10 @@ // found in the LICENSE file. import 'dart:async'; -import 'dart:js_interop'; import 'dart:ui_web' as ui_web; import 'package:flutter/foundation.dart' show kDebugMode, visibleForTesting; import 'package:flutter/material.dart'; -import 'package:flutter/services.dart' show PlatformException; import 'package:flutter/widgets.dart'; import 'package:flutter_web_plugins/flutter_web_plugins.dart'; import 'package:google_identity_services_web/loader.dart' as loader; @@ -50,10 +48,10 @@ class GoogleSignInPlugin extends GoogleSignInPlatform { @visibleForTesting bool debugOverrideLoader = false, @visibleForTesting GisSdkClient? debugOverrideGisSdkClient, @visibleForTesting - StreamController? debugOverrideUserDataController, + StreamController? debugAuthenticationController, }) : _gisSdkClient = debugOverrideGisSdkClient, - _userDataController = debugOverrideUserDataController ?? - StreamController.broadcast() { + _authenticationController = debugAuthenticationController ?? + StreamController.broadcast() { autoDetectedClientId = web.document .querySelector(clientIdMetaSelector) ?.getAttribute(clientIdAttributeName); @@ -73,7 +71,7 @@ class GoogleSignInPlugin extends GoogleSignInPlatform { Completer? _initCalled; // A StreamController to communicate status changes from the GisSdkClient. - final StreamController _userDataController; + final StreamController _authenticationController; // The instance of [GisSdkClient] backing the plugin. GisSdkClient? _gisSdkClient; @@ -104,8 +102,8 @@ class GoogleSignInPlugin extends GoogleSignInPlatform { /// A future that resolves when the plugin is fully initialized. /// - /// This ensures that the SDK has been loaded, and that the `initWithParams` - /// method has finished running. + /// This ensures that the SDK has been loaded, and that the `init` method + /// has finished running. @visibleForTesting Future get initialized { _assertIsInitCalled(); @@ -123,22 +121,7 @@ class GoogleSignInPlugin extends GoogleSignInPlatform { } @override - Future init({ - List scopes = const [], - SignInOption signInOption = SignInOption.standard, - String? hostedDomain, - String? clientId, - }) { - return initWithParams(SignInInitParameters( - scopes: scopes, - signInOption: signInOption, - hostedDomain: hostedDomain, - clientId: clientId, - )); - } - - @override - Future initWithParams(SignInInitParameters params) async { + Future init(InitParameters params) async { final String? appClientId = params.clientId ?? autoDetectedClientId; assert( appClientId != null, @@ -149,162 +132,139 @@ class GoogleSignInPlugin extends GoogleSignInPlatform { assert(params.serverClientId == null, 'serverClientId is not supported on Web.'); - assert( - !params.scopes.any((String scope) => scope.contains(' ')), - "OAuth 2.0 Scopes for Google APIs can't contain spaces. " - 'Check https://developers.google.com/identity/protocols/googlescopes ' - 'for a list of valid OAuth 2.0 scopes.'); - - assert(params.forceAccountName == null, - 'forceAccountName is not supported on Web.'); - _initCalled = Completer(); await _jsSdkLoadedFuture; _gisSdkClient ??= GisSdkClient( clientId: appClientId!, + nonce: params.nonce, hostedDomain: params.hostedDomain, - initialScopes: List.from(params.scopes), - userDataController: _userDataController, + authenticationController: _authenticationController, loggingEnabled: kDebugMode, ); _initCalled!.complete(); // Signal that `init` is fully done. } - // Register a factory for the Button HtmlElementView. - void _registerButtonFactory() { - ui_web.platformViewRegistry.registerViewFactory( - 'gsi_login_button', - (int viewId) { - final web.Element element = web.document.createElement('div'); - element.setAttribute('style', - 'width: 100%; height: 100%; overflow: hidden; display: flex; flex-wrap: wrap; align-content: center; justify-content: center;'); - element.id = 'sign_in_button_$viewId'; - return element; - }, - ); - } - - /// Render the GSI button web experience. - Widget renderButton({GSIButtonConfiguration? configuration}) { - final GSIButtonConfiguration config = - configuration ?? GSIButtonConfiguration(); - return FutureBuilder( - key: Key(config.hashCode.toString()), - future: initialized, - builder: (BuildContext context, AsyncSnapshot snapshot) { - if (snapshot.hasData) { - return FlexHtmlElementView( - viewType: 'gsi_login_button', - onElementCreated: (Object element) { - _gisClient.renderButton(element, config); - }); - } - return const Text('Getting ready'); - }, - ); - } - @override - Future signInSilently() async { - await initialized; - - // The new user is being injected from the `userDataEvents` Stream. - return _gisClient.signInSilently(); + Future? attemptLightweightAuthentication( + AttemptLightweightAuthenticationParameters params) { + initialized.then((void value) { + _gisClient.requestOneTap(); + }); + // One tap does not necessarily return immediately, and may never return, + // so clients should not await it. Return null to signal that. + return null; } @override - Future signIn() async { - if (kDebugMode) { - web.console.warn( - "The `signIn` method is discouraged on the web because it can't reliably provide an `idToken`.\n" - 'Use `signInSilently` and `renderButton` to authenticate your users instead.\n' - 'Read more: https://pub.dev/packages/google_sign_in_web' - .toJS); - } - await initialized; - - // This method mainly does oauth2 authorization, which happens to also do - // authentication if needed. However, the authentication information is not - // returned anymore. - // - // This method will synthesize authentication information from the People API - // if needed (or use the last identity seen from signInSilently). - try { - return _gisClient.signIn(); - } catch (reason) { - throw PlatformException( - code: reason.toString(), - message: 'Exception raised from signIn', - details: - 'https://developers.google.com/identity/oauth2/web/guides/error', - ); - } - } + bool supportsAuthenticate() => false; @override - Future getTokens({ - required String email, - bool? shouldRecoverAuth, - }) async { - await initialized; + bool authorizationRequiresUserInteraction() => true; - return _gisClient.getTokens(); + @override + Future authenticate( + AuthenticateParameters params) async { + throw UnimplementedError('authenticate is not supported on the web. ' + 'Instead, use renderButton to create a sign-in widget.'); } @override - Future signOut() async { + Future signOut(SignOutParams params) async { await initialized; await _gisClient.signOut(); } @override - Future disconnect() async { + Future disconnect(DisconnectParams params) async { await initialized; await _gisClient.disconnect(); } @override - Future isSignedIn() async { + Future clientAuthorizationTokensForScopes( + ClientAuthorizationTokensForScopesParameters params) async { await initialized; - - return _gisClient.isSignedIn(); + _validateScopes(params.request.scopes); + + final String? token = await _gisClient.requestScopes(params.request.scopes, + promptIfUnauthorized: params.request.promptIfUnauthorized, + userHint: params.request.userId); + return token == null + ? null + : ClientAuthorizationTokenData(accessToken: token); } @override - Future clearAuthCache({required String token}) async { + Future serverAuthorizationTokensForScopes( + ServerAuthorizationTokensForScopesParameters params) async { await initialized; + _validateScopes(params.request.scopes); - await _gisClient.clearAuthCache(); - } + // There is no way to know whether the flow will prompt in advance, so + // always return null if prompting isn't allowed. + if (!params.request.promptIfUnauthorized) { + return null; + } - @override - Future requestScopes(List scopes) async { - await initialized; + final String? code = await _gisClient.requestServerAuthCode(params.request); + return code == null + ? null + : ServerAuthorizationTokenData(serverAuthCode: code); + } - return _gisClient.requestScopes(scopes); + void _validateScopes(List scopes) { + // Scope lists are space-delimited in the underlying implementation, so + // scopes must not contain any spaces. + // https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#redirecting + assert( + !scopes.any((String scope) => scope.contains(' ')), + "OAuth 2.0 Scopes for Google APIs can't contain spaces. " + 'Check https://developers.google.com/identity/protocols/googlescopes ' + 'for a list of valid OAuth 2.0 scopes.'); } @override - Future canAccessScopes(List scopes, - {String? accessToken}) async { - await initialized; + Stream get authenticationEvents => + _authenticationController.stream; - return _gisClient.canAccessScopes(scopes, accessToken); - } + // -------- - @override - Stream? get userDataEvents => - _userDataController.stream; + // Register a factory for the Button HtmlElementView. + void _registerButtonFactory() { + ui_web.platformViewRegistry.registerViewFactory( + 'gsi_login_button', + (int viewId) { + final web.Element element = web.document.createElement('div'); + element.setAttribute('style', + 'width: 100%; height: 100%; overflow: hidden; display: flex; flex-wrap: wrap; align-content: center; justify-content: center;'); + element.id = 'sign_in_button_$viewId'; + return element; + }, + ); + } - /// Requests server auth code from GIS Client per: - /// https://developers.google.com/identity/oauth2/web/guides/use-code-model#initialize_a_code_client - Future requestServerAuthCode() async { - await initialized; - return _gisClient.requestServerAuthCode(); + /// Render the GSI button web experience. + Widget renderButton({GSIButtonConfiguration? configuration}) { + final GSIButtonConfiguration config = + configuration ?? GSIButtonConfiguration(); + return FutureBuilder( + key: Key(config.hashCode.toString()), + future: initialized, + builder: (BuildContext context, AsyncSnapshot snapshot) { + if (snapshot.hasData) { + return FlexHtmlElementView( + viewType: 'gsi_login_button', + onElementCreated: (Object element) { + _gisClient.renderButton(element, config); + }); + } + return const Text('Getting ready'); + }, + ); } } diff --git a/packages/google_sign_in/google_sign_in_web/lib/src/gis_client.dart b/packages/google_sign_in/google_sign_in_web/lib/src/gis_client.dart index 421ce1a187f..90bfc7c141e 100644 --- a/packages/google_sign_in/google_sign_in_web/lib/src/gis_client.dart +++ b/packages/google_sign_in/google_sign_in_web/lib/src/gis_client.dart @@ -12,7 +12,6 @@ import 'package:web/web.dart' as web; import 'button_configuration.dart' show GSIButtonConfiguration, convertButtonConfiguration; -import 'people.dart' as people; import 'utils.dart' as utils; /// A client to hide (most) of the interaction with the GIS SDK from the plugin. @@ -21,44 +20,29 @@ import 'utils.dart' as utils; class GisSdkClient { /// Create a GisSdkClient object. GisSdkClient({ - required List initialScopes, required String clientId, - required StreamController userDataController, + required StreamController authenticationController, bool loggingEnabled = false, + String? nonce, String? hostedDomain, - }) : _initialScopes = initialScopes, + }) : _clientId = clientId, + _hostedDomain = hostedDomain, _loggingEnabled = loggingEnabled, - _userDataEventsController = userDataController { + _authenticationController = authenticationController { if (_loggingEnabled) { id.setLogLevel('debug'); } - // Configure the Stream objects that are going to be used by the clients. - _configureStreams(); + _configureAuthenticationStream(); - // Initialize the SDK clients we need. + // Initialize the authentication SDK client. Authorization clients will be + // created as one-offs as needed. _initializeIdClient( clientId, onResponse: _onCredentialResponse, + nonce: nonce, hostedDomain: hostedDomain, useFedCM: true, ); - - _tokenClient = _initializeTokenClient( - clientId, - hostedDomain: hostedDomain, - onResponse: _onTokenResponse, - onError: _onTokenError, - ); - - if (initialScopes.isNotEmpty) { - _codeClient = _initializeCodeClient( - clientId, - hostedDomain: hostedDomain, - onResponse: _onCodeResponse, - onError: _onCodeError, - scopes: initialScopes, - ); - } } void _logIfEnabled(String message, [List? more]) { @@ -69,61 +53,38 @@ class GisSdkClient { } } - // Configure the credential (authentication) and token (authorization) response streams. - void _configureStreams() { - _tokenResponses = StreamController.broadcast(); + // Configure the credential (authentication) response stream. + void _configureAuthenticationStream() { _credentialResponses = StreamController.broadcast(); - _codeResponses = StreamController.broadcast(); - - _tokenResponses.stream.listen((TokenResponse response) { - _lastTokenResponse = response; - _lastTokenResponseExpiration = - DateTime.now().add(Duration(seconds: response.expires_in!)); - }, onError: (Object error) { - _logIfEnabled('Error on TokenResponse:', [error.toString()]); - _lastTokenResponse = null; - }); - - _codeResponses.stream.listen((CodeResponse response) { - _lastCodeResponse = response; - }, onError: (Object error) { - _logIfEnabled('Error on CodeResponse:', [error.toString()]); - _lastCodeResponse = null; - }); - - _credentialResponses.stream.listen((CredentialResponse response) { - _lastCredentialResponse = response; - }, onError: (Object error) { - _logIfEnabled('Error on CredentialResponse:', [error.toString()]); - _lastCredentialResponse = null; - }); // In the future, the userDataEvents could propagate null userDataEvents too. _credentialResponses.stream - .map(utils.gisResponsesToUserData) - .handleError(_cleanCredentialResponsesStreamErrors) - .forEach(_userDataEventsController.add); + .map(utils.gisResponsesToAuthenticationEvent) + .handleError(_convertCredentialResponsesStreamErrors) + .forEach(_authenticationController.add); } // This function handles the errors that on the _credentialResponses Stream. // - // Most of the time, these errors are part of the flow (like when One Tap UX - // cannot be rendered), and the stream of userDataEvents doesn't care about - // them. - // // (This has been separated to a function so the _configureStreams formatting // looks a little bit better) - void _cleanCredentialResponsesStreamErrors(Object error) { - _logIfEnabled( - 'Removing error from `userDataEvents`:', - [error.toString()], - ); + void _convertCredentialResponsesStreamErrors(Object error) { + _logIfEnabled('Error on CredentialResponse:', [error.toString()]); + if (error is GoogleSignInException) { + _authenticationController.add(AuthenticationEventException(error)); + } else { + _authenticationController.add(AuthenticationEventException( + GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: error.toString()))); + } } // Initializes the `id` SDK for the silent-sign in (authentication) client. void _initializeIdClient( String clientId, { required CallbackFn onResponse, + String? nonce, String? hostedDomain, bool? useFedCM, }) { @@ -133,6 +94,7 @@ class GisSdkClient { callback: onResponse, cancel_on_tap_outside: false, auto_select: true, // Attempt to sign-in silently. + nonce: nonce, hd: hostedDomain, use_fedcm_for_prompt: useFedCM, // Use the native browser prompt, when available. @@ -144,8 +106,9 @@ class GisSdkClient { // // (Normal doesn't mean successful, this might contain `error` information.) void _onCredentialResponse(CredentialResponse response) { - if (response.error != null) { - _credentialResponses.addError(response.error!); + final String? error = response.error; + if (error != null) { + _credentialResponses.addError(error); } else { _credentialResponses.add(response); } @@ -154,99 +117,53 @@ class GisSdkClient { // Creates a `oauth2.TokenClient` used for authorization (scope) requests. TokenClient _initializeTokenClient( String clientId, { + required List scopes, + String? userHint, String? hostedDomain, required TokenClientCallbackFn onResponse, required ErrorCallbackFn onError, }) { // Create a Token Client for authorization calls. final TokenClientConfig tokenConfig = TokenClientConfig( + prompt: userHint == null ? '' : 'select_account', client_id: clientId, + login_hint: userHint, hd: hostedDomain, - callback: _onTokenResponse, - error_callback: _onTokenError, - // This is here only to satisfy the initialization of the JS TokenClient. - // In reality, `scope` is always overridden when calling `requestScopes` - // (or the deprecated `signIn`) through an [OverridableTokenClientConfig] - // object. - scope: [' '], // Fake (but non-empty) list of scopes. + callback: onResponse, + error_callback: onError, + scope: scopes, ); return oauth2.initTokenClient(tokenConfig); } - // Handle a "normal" token (authorization) response. - // - // (Normal doesn't mean successful, this might contain `error` information.) - void _onTokenResponse(TokenResponse response) { - if (response.error != null) { - _tokenResponses.addError(response.error!); - } else { - _tokenResponses.add(response); - } - } - - // Handle a "not-directly-related-to-authorization" error. - // - // Token clients have an additional `error_callback` for miscellaneous - // errors, like "popup couldn't open" or "popup closed by user". - void _onTokenError(GoogleIdentityServicesError? error) { - if (error != null) { - _tokenResponses.addError(error.type); - } - } - // Creates a `oauth2.CodeClient` used for authorization (scope) requests. - CodeClient _initializeCodeClient( - String clientId, { - String? hostedDomain, + CodeClient _initializeCodeClient({ + String? userHint, required List scopes, required CodeClientCallbackFn onResponse, required ErrorCallbackFn onError, }) { // Create a Token Client for authorization calls. final CodeClientConfig codeConfig = CodeClientConfig( - client_id: clientId, - hd: hostedDomain, - callback: _onCodeResponse, - error_callback: _onCodeError, + client_id: _clientId, + login_hint: userHint, + hd: _hostedDomain, + callback: onResponse, + error_callback: onError, scope: scopes, - select_account: true, + select_account: userHint == null, + include_granted_scopes: true, ux_mode: UxMode.popup, ); return oauth2.initCodeClient(codeConfig); } - void _onCodeResponse(CodeResponse response) { - if (response.error != null) { - _codeResponses.addError(response.error!); - } else { - _codeResponses.add(response); - } - } - - void _onCodeError(GoogleIdentityServicesError? error) { - if (error != null) { - _codeResponses.addError(error.type); - } - } - /// Attempts to sign-in the user using the OneTap UX flow. - /// - /// If the user consents, to OneTap, the [GoogleSignInUserData] will be - /// generated from a proper [CredentialResponse], which contains `idToken`. - /// Else, it'll be synthesized by a request to the People API later, and the - /// `idToken` will be null. - Future signInSilently() async { - final Completer userDataCompleter = - Completer(); - + void requestOneTap() { // Ask the SDK to render the OneClick sign-in. // // And also handle its "moments". - id.prompt((PromptMomentNotification moment) { - _onPromptMoment(moment, userDataCompleter); - }); - - return userDataCompleter.future; + id.prompt(_onPromptMoment); } // Handles "prompt moments" of the OneClick card UI. @@ -254,36 +171,37 @@ class GisSdkClient { // See: https://developers.google.com/identity/gsi/web/guides/receive-notifications-prompt-ui-status Future _onPromptMoment( PromptMomentNotification moment, - Completer completer, ) async { - if (completer.isCompleted) { - return; // Skip once the moment has been handled. + if (moment.isDismissedMoment()) { + final MomentDismissedReason? reason = moment.getDismissedReason(); + switch (reason) { + case MomentDismissedReason.credential_returned: + // Nothing to do here, as the success handler will run. + break; + case MomentDismissedReason.cancel_called: + _credentialResponses.addError(const GoogleSignInException( + code: GoogleSignInExceptionCode.canceled)); + case MomentDismissedReason.flow_restarted: + // Ignore, as this is not a final state. + break; + case MomentDismissedReason.unknown_reason: + case null: + _credentialResponses.addError(GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: 'dismissed: $reason')); + } + return; } - if (moment.isDismissedMoment() && - moment.getDismissedReason() == - MomentDismissedReason.credential_returned) { - // Kick this part of the handler to the bottom of the JS event queue, so - // the _credentialResponses stream has time to propagate its last value, - // and we can use _lastCredentialResponse. - return Future.delayed(Duration.zero, () { - completer - .complete(utils.gisResponsesToUserData(_lastCredentialResponse)); - }); + if (moment.isSkippedMoment()) { + // getSkippedReason is not used in the exception details here, per + // https://developers.google.com/identity/gsi/web/guides/fedcm-migration + _credentialResponses.addError(const GoogleSignInException( + code: GoogleSignInExceptionCode.canceled)); } - // In any other 'failed' moments, return null and add an error to the stream. - if (moment.isNotDisplayed() || - moment.isSkippedMoment() || - moment.isDismissedMoment()) { - final String reason = moment.getNotDisplayedReason()?.toString() ?? - moment.getSkippedReason()?.toString() ?? - moment.getDismissedReason()?.toString() ?? - 'unknown_error'; - - _credentialResponses.addError(reason); - completer.complete(null); - } + // isNotDisplayed is intentionally ignored, per + // https://developers.google.com/identity/gsi/web/guides/fedcm-migration } /// Calls `id.renderButton` on [parent] with the given [options]. @@ -296,208 +214,162 @@ class GisSdkClient { /// Requests a server auth code per: /// https://developers.google.com/identity/oauth2/web/guides/use-code-model#initialize_a_code_client - Future requestServerAuthCode() async { - // TODO(dit): Enable granular authorization, https://github.com/flutter/flutter/issues/139406 - assert(_codeClient != null, - 'CodeClient not initialized correctly. Ensure the `scopes` list passed to `init()` or `initWithParams()` is not empty!'); - if (_codeClient == null) { - return null; - } - _codeClient!.requestCode(); - final CodeResponse response = await _codeResponses.stream.first; - return response.code; - } - - // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727 - // - /// Starts an oauth2 "implicit" flow to authorize requests. - /// - /// The new GIS SDK does not return user authentication from this flow, so: - /// * If [_lastCredentialResponse] is **not** null (the user has successfully - /// `signInSilently`), we return that after this method completes. - /// * If [_lastCredentialResponse] is null, we add [people.scopes] to the - /// [_initialScopes], so we can retrieve User Profile information back - /// from the People API (without idToken). See [people.requestUserData]. - @Deprecated( - 'Use `renderButton` instead. See: https://pub.dev/packages/google_sign_in_web#migrating-to-v011-and-v012-google-identity-services') - Future signIn() async { - // Warn users that this method will be removed. - web.console.warn( - 'The google_sign_in plugin `signIn` method is deprecated on the web, and will be removed in Q2 2024. Please use `renderButton` instead. See: ' - 'https://pub.dev/packages/google_sign_in_web#migrating-to-v011-and-v012-google-identity-services' - .toJS); - // If we already know the user, use their `email` as a `hint`, so they don't - // have to pick their user again in the Authorization popup. - final GoogleSignInUserData? knownUser = - utils.gisResponsesToUserData(_lastCredentialResponse); - // This toggles a popup, so `signIn` *must* be called with - // user activation. - _tokenClient.requestAccessToken(OverridableTokenClientConfig( - prompt: knownUser == null ? 'select_account' : '', - login_hint: knownUser?.email, - scope: [ - ..._initialScopes, - // If the user hasn't gone through the auth process, - // the plugin will attempt to `requestUserData` after, - // so we need extra scopes to retrieve that info. - if (_lastCredentialResponse == null) ...people.scopes, - ], - )); - - await _tokenResponses.stream.first; - - return _computeUserDataForLastToken(); - } + Future requestServerAuthCode( + AuthorizationRequestDetails request) async { + final Completer<(String? code, Exception? e)> completer = + Completer<(String? code, Exception? e)>(); + final CodeClient codeClient = _initializeCodeClient( + userHint: request.userId, + onResponse: (CodeResponse response) { + final String? error = response.error; + if (error == null) { + completer.complete((response.code, null)); + } else { + completer.complete(( + null, + GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: response.error_description, + details: 'code: $error') + )); + } + }, + onError: (GoogleIdentityServicesError? error) { + completer.complete((null, _exceptionForGisError(error))); + }, + scopes: request.scopes, + ); - // This function returns the currently signed-in [GoogleSignInUserData]. - // - // It'll do a request to the People API (if needed). - // - // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727 - Future _computeUserDataForLastToken() async { - // If the user hasn't authenticated, request their basic profile info - // from the People API. - // - // This synthetic response will *not* contain an `idToken` field. - if (_lastCredentialResponse == null && _requestedUserData == null) { - assert(_lastTokenResponse != null); - _requestedUserData = await people.requestUserData(_lastTokenResponse!); + codeClient.requestCode(); + final (String? code, Exception? e) = await completer.future; + if (e != null) { + throw e; } - // Complete user data either with the _lastCredentialResponse seen, - // or the synthetic _requestedUserData from above. - return utils.gisResponsesToUserData(_lastCredentialResponse) ?? - _requestedUserData; - } - - /// Returns a [GoogleSignInTokenData] from the latest seen responses. - GoogleSignInTokenData getTokens() { - return utils.gisResponsesToTokenData( - _lastCredentialResponse, - _lastTokenResponse, - _lastCodeResponse, - ); + return code; } /// Revokes the current authentication. Future signOut() async { - await clearAuthCache(); + _lastClientAuthorizationByUser.clear(); id.disableAutoSelect(); + _authenticationController.add(AuthenticationEventSignOut()); } - /// Revokes the current authorization and authentication. + /// Revokes all cached authorization tokens. Future disconnect() async { - if (_lastTokenResponse != null) { - oauth2.revoke(_lastTokenResponse!.access_token!); - } + _lastClientAuthorizationByUser.values + .map(((TokenResponse?, DateTime?) auth) => auth.$1?.access_token) + .nonNulls + .forEach(oauth2.revoke); + _lastClientAuthorizationByUser.clear(); await signOut(); } - /// Returns true if the client has recognized this user before, and the last-seen - /// credential is not expired. - Future isSignedIn() async { - bool isSignedIn = false; - if (_lastCredentialResponse != null) { - final DateTime? expiration = utils - .getCredentialResponseExpirationTimestamp(_lastCredentialResponse); - // All Google ID Tokens provide an "exp" date. If the method above cannot - // extract `expiration`, it's because `_lastCredentialResponse`'s contents - // are unexpected (or wrong) in any way. - // - // Users are considered to be signedIn when the last CredentialResponse - // exists and has an expiration date in the future. - // - // Users are not signed in in any other case. - // - // See: https://developers.google.com/identity/openid-connect/openid-connect#an-id-tokens-payload - isSignedIn = expiration?.isAfter(DateTime.now()) ?? false; - } - - return isSignedIn || _requestedUserData != null; - } - - /// Clears all the cached results from authentication and authorization. - Future clearAuthCache() async { - _lastCredentialResponse = null; - _lastTokenResponse = null; - _requestedUserData = null; - _lastCodeResponse = null; - } - - /// Requests the list of [scopes] passed in to the client. + /// Requests the given list of [scopes], and returns the resulting + /// authorization token if successful. /// /// Keeps the previously granted scopes. - Future requestScopes(List scopes) async { - // If we already know the user, use their `email` as a `hint`, so they don't - // have to pick their user again in the Authorization popup. - final GoogleSignInUserData? knownUser = - utils.gisResponsesToUserData(_lastCredentialResponse); - - _tokenClient.requestAccessToken(OverridableTokenClientConfig( - prompt: knownUser == null ? 'select_account' : '', - login_hint: knownUser?.email, - scope: scopes, - include_granted_scopes: true, - )); + Future requestScopes(List scopes, + {required bool promptIfUnauthorized, String? userHint}) async { + // If there's a usable cached token, return that. + final (TokenResponse? cachedResponse, DateTime? cacheExpiration) = + _lastClientAuthorizationByUser[userHint] ?? (null, null); + if (cachedResponse != null) { + final bool isTokenValid = + cacheExpiration?.isAfter(DateTime.now()) ?? false; + if (isTokenValid && oauth2.hasGrantedAllScopes(cachedResponse, scopes)) { + return cachedResponse.access_token; + } + } + + if (!promptIfUnauthorized) { + return null; + } - await _tokenResponses.stream.first; + final Completer<(String? token, Exception? e)> completer = + Completer<(String? token, Exception? e)>(); + final TokenClient tokenClient = _initializeTokenClient( + _clientId, + scopes: scopes, + userHint: userHint, + hostedDomain: _hostedDomain, + onResponse: (TokenResponse response) { + final String? error = response.error; + if (error == null) { + final String? token = response.access_token; + if (token == null) { + _lastClientAuthorizationByUser.remove(userHint); + } else { + final DateTime expiration = + DateTime.now().add(Duration(seconds: response.expires_in!)); + _lastClientAuthorizationByUser[userHint] = (response, expiration); + } + completer.complete((response.access_token, null)); + } else { + _lastClientAuthorizationByUser.remove(userHint); + completer.complete(( + null, + GoogleSignInException( + code: GoogleSignInExceptionCode.unknownError, + description: response.error_description, + details: 'code: $error') + )); + } + }, + onError: (GoogleIdentityServicesError? error) { + _lastClientAuthorizationByUser.remove(userHint); + completer.complete((null, _exceptionForGisError(error))); + }, + ); + tokenClient.requestAccessToken(); - return oauth2.hasGrantedAllScopes(_lastTokenResponse!, scopes); + final (String? token, Exception? e) = await completer.future; + if (e != null) { + throw e; + } + return token; } - /// Checks if the passed-in `accessToken` can access all `scopes`. - /// - /// This validates that the `accessToken` is the same as the last seen - /// token response, that the token is not expired, then uses that response to - /// check if permissions are still granted. - Future canAccessScopes(List scopes, String? accessToken) async { - if (accessToken != null && _lastTokenResponse != null) { - if (accessToken == _lastTokenResponse!.access_token) { - final bool isTokenValid = - _lastTokenResponseExpiration?.isAfter(DateTime.now()) ?? false; - return isTokenValid && - oauth2.hasGrantedAllScopes(_lastTokenResponse!, scopes); - } + GoogleSignInException _exceptionForGisError( + GoogleIdentityServicesError? error) { + final GoogleSignInExceptionCode code; + switch (error?.type) { + case GoogleIdentityServicesErrorType.missing_required_parameter: + code = GoogleSignInExceptionCode.clientConfigurationError; + case GoogleIdentityServicesErrorType.popup_closed: + code = GoogleSignInExceptionCode.canceled; + case GoogleIdentityServicesErrorType.popup_failed_to_open: + code = GoogleSignInExceptionCode.uiUnavailable; + case GoogleIdentityServicesErrorType.unknown: + case null: + code = GoogleSignInExceptionCode.unknownError; } - return false; + return GoogleSignInException( + code: code, + description: error?.message ?? 'SDK returned no error details'); } final bool _loggingEnabled; - // The scopes initially requested by the developer. - // - // We store this because we might need to add more at `signIn`. If the user - // doesn't `silentSignIn`, we expand this list to consult the People API to - // return some basic Authentication information. - final List _initialScopes; + // The identifier of this web client. + final String _clientId; - // The Google Identity Services client for oauth requests. - late TokenClient _tokenClient; - // CodeClient will not be created if `initialScopes` is empty. - CodeClient? _codeClient; + /// The domain to restrict logins to. + final String? _hostedDomain; - // Streams of credential and token responses. + // Stream of credential responses from sign-in events. late StreamController _credentialResponses; - late StreamController _tokenResponses; - late StreamController _codeResponses; - // The last-seen credential and token responses - CredentialResponse? _lastCredentialResponse; - TokenResponse? _lastTokenResponse; - // Expiration timestamp for the lastTokenResponse, which only has an `expires_in` field. - DateTime? _lastTokenResponseExpiration; - CodeResponse? _lastCodeResponse; + // The last client authorization token responses, keyed by the user ID the + // authorization was requested for. A nil key stores the last authorization + // request that was not associated with a known user (i.e., no user ID hint + // was provided with the request). + final Map + _lastClientAuthorizationByUser = + {}; /// The StreamController onto which the GIS Client propagates user authentication events. /// /// This is provided by the implementation of the plugin. - final StreamController _userDataEventsController; - - // If the user *authenticates* (signs in) through oauth2, the SDK doesn't return - // identity information anymore, so we synthesize it by calling the PeopleAPI - // (if needed) - // - // (This is a synthetic _lastCredentialResponse) - // - // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727 - GoogleSignInUserData? _requestedUserData; + final StreamController _authenticationController; } diff --git a/packages/google_sign_in/google_sign_in_web/lib/src/people.dart b/packages/google_sign_in/google_sign_in_web/lib/src/people.dart deleted file mode 100644 index 528dc89b1a7..00000000000 --- a/packages/google_sign_in/google_sign_in_web/lib/src/people.dart +++ /dev/null @@ -1,152 +0,0 @@ -// Copyright 2013 The Flutter Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -import 'dart:convert'; - -import 'package:flutter/foundation.dart'; -import 'package:google_identity_services_web/oauth2.dart'; -import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; -import 'package:http/http.dart' as http; - -/// Basic scopes for self-id -const List scopes = [ - 'https://www.googleapis.com/auth/userinfo.profile', - 'https://www.googleapis.com/auth/userinfo.email', -]; - -/// People API to return my profile info... -const String MY_PROFILE = 'https://content-people.googleapis.com/v1/people/me' - '?sources=READ_SOURCE_TYPE_PROFILE' - '&personFields=photos%2Cnames%2CemailAddresses'; - -/// Requests user data from the People API using the given [tokenResponse]. -Future requestUserData( - TokenResponse tokenResponse, { - @visibleForTesting http.Client? overrideClient, -}) async { - // Request my profile from the People API. - final Map person = await _doRequest( - MY_PROFILE, - tokenResponse, - overrideClient: overrideClient, - ); - - // Now transform the Person response into a GoogleSignInUserData. - return extractUserData(person); -} - -/// Extracts user data from a Person resource. -/// -/// See: https://developers.google.com/people/api/rest/v1/people#Person -GoogleSignInUserData? extractUserData(Map json) { - final String? userId = _extractUserId(json); - final String? email = _extractPrimaryField( - json['emailAddresses'] as List?, - 'value', - ); - - assert(userId != null); - assert(email != null); - - return GoogleSignInUserData( - id: userId!, - email: email!, - displayName: _extractPrimaryField( - json['names'] as List?, - 'displayName', - ), - photoUrl: _extractPrimaryField( - json['photos'] as List?, - 'url', - ), - // Synthetic user data doesn't contain an idToken! - ); -} - -/// Extracts the ID from a Person resource. -/// -/// The User ID looks like this: -/// { -/// 'resourceName': 'people/PERSON_ID', -/// ... -/// } -String? _extractUserId(Map profile) { - final String? resourceName = profile['resourceName'] as String?; - return resourceName?.split('/').last; -} - -/// Extracts the [fieldName] marked as 'primary' from a list of [values]. -/// -/// Values can be one of: -/// * `emailAddresses` -/// * `names` -/// * `photos` -/// -/// From a Person object. -T? _extractPrimaryField(List? values, String fieldName) { - if (values != null) { - for (final Object? value in values) { - if (value != null && value is Map) { - final bool isPrimary = _extractPath( - value, - path: ['metadata', 'primary'], - defaultValue: false, - ); - if (isPrimary) { - return value[fieldName] as T?; - } - } - } - } - - return null; -} - -/// Attempts to get the property in [path] of type `T` from a deeply nested [source]. -/// -/// Returns [default] if the property is not found. -T _extractPath( - Map source, { - required List path, - required T defaultValue, -}) { - final String valueKey = path.removeLast(); - Object? data = source; - for (final String key in path) { - if (data != null && data is Map) { - data = data[key]; - } else { - break; - } - } - if (data != null && data is Map) { - return (data[valueKey] ?? defaultValue) as T; - } else { - return defaultValue; - } -} - -/// Gets from [url] with an authorization header defined by [token]. -/// -/// Attempts to [jsonDecode] the result. -Future> _doRequest( - String url, - TokenResponse token, { - http.Client? overrideClient, -}) async { - final Uri uri = Uri.parse(url); - final http.Client client = overrideClient ?? http.Client(); - try { - final http.Response response = - await client.get(uri, headers: { - 'Authorization': '${token.token_type} ${token.access_token}', - }); - if (response.statusCode != 200) { - throw http.ClientException(response.body, uri); - } - return jsonDecode(response.body) as Map; - } finally { - client.close(); - } -} diff --git a/packages/google_sign_in/google_sign_in_web/lib/src/utils.dart b/packages/google_sign_in/google_sign_in_web/lib/src/utils.dart index 05ed6a877d1..0f27f04d195 100644 --- a/packages/google_sign_in/google_sign_in_web/lib/src/utils.dart +++ b/packages/google_sign_in/google_sign_in_web/lib/src/utils.dart @@ -5,7 +5,6 @@ import 'dart:convert'; import 'package:google_identity_services_web/id.dart'; -import 'package:google_identity_services_web/oauth2.dart'; import 'package:google_sign_in_platform_interface/google_sign_in_platform_interface.dart'; /// A codec that can encode/decode JWT payloads. @@ -65,7 +64,7 @@ Map? getResponsePayload(CredentialResponse? response) { /// /// May return `null`, if the `credentialResponse` is null, or its `credential` /// cannot be decoded. -GoogleSignInUserData? gisResponsesToUserData( +AuthenticationEvent? gisResponsesToAuthenticationEvent( CredentialResponse? credentialResponse) { final Map? payload = getResponsePayload(credentialResponse); if (payload == null) { @@ -75,12 +74,15 @@ GoogleSignInUserData? gisResponsesToUserData( assert(credentialResponse?.credential != null, 'The CredentialResponse cannot be null and have a payload.'); - return GoogleSignInUserData( - email: payload['email']! as String, - id: payload['sub']! as String, - displayName: payload['name'] as String?, - photoUrl: payload['picture'] as String?, - idToken: credentialResponse!.credential, + return AuthenticationEventSignIn( + user: GoogleSignInUserData( + email: payload['email']! as String, + id: payload['sub']! as String, + displayName: payload['name'] as String?, + photoUrl: payload['picture'] as String?, + ), + authenticationTokens: + AuthenticationTokenData(idToken: credentialResponse!.credential), ); } @@ -96,16 +98,3 @@ DateTime? getCredentialResponseExpirationTimestamp( // Return 'exp' (a timestamp in seconds since Epoch) as a DateTime. return (exp != null) ? DateTime.fromMillisecondsSinceEpoch(exp * 1000) : null; } - -/// Converts responses from the GIS library into TokenData for the plugin. -GoogleSignInTokenData gisResponsesToTokenData( - CredentialResponse? credentialResponse, - TokenResponse? tokenResponse, [ - CodeResponse? codeResponse, -]) { - return GoogleSignInTokenData( - idToken: credentialResponse?.credential, - accessToken: tokenResponse?.access_token, - serverAuthCode: codeResponse?.code, - ); -} diff --git a/packages/google_sign_in/google_sign_in_web/lib/web_only.dart b/packages/google_sign_in/google_sign_in_web/lib/web_only.dart index 34f153d0aef..899a88cd45a 100644 --- a/packages/google_sign_in/google_sign_in_web/lib/web_only.dart +++ b/packages/google_sign_in/google_sign_in_web/lib/web_only.dart @@ -39,10 +39,3 @@ GoogleSignInPlugin get _plugin { Widget renderButton({GSIButtonConfiguration? configuration}) { return _plugin.renderButton(configuration: configuration); } - -/// Requests server auth code from the GIS Client. -/// -/// See: https://developers.google.com/identity/oauth2/web/guides/use-code-model -Future requestServerAuthCode() async { - return _plugin.requestServerAuthCode(); -} diff --git a/packages/google_sign_in/google_sign_in_web/pubspec.yaml b/packages/google_sign_in/google_sign_in_web/pubspec.yaml index b29fb07dcf9..faffd0143d1 100644 --- a/packages/google_sign_in/google_sign_in_web/pubspec.yaml +++ b/packages/google_sign_in/google_sign_in_web/pubspec.yaml @@ -3,7 +3,7 @@ description: Flutter plugin for Google Sign-In, a secure authentication system for signing in with a Google account on Android, iOS and Web. repository: https://github.com/flutter/packages/tree/main/packages/google_sign_in/google_sign_in_web issue_tracker: https://github.com/flutter/flutter/issues?q=is%3Aissue+is%3Aopen+label%3A%22p%3A+google_sign_in%22 -version: 0.12.4+4 +version: 1.0.0 environment: sdk: ^3.6.0 @@ -23,7 +23,7 @@ dependencies: flutter_web_plugins: sdk: flutter google_identity_services_web: ^0.3.1 - google_sign_in_platform_interface: ^2.5.0 + google_sign_in_platform_interface: ^3.0.0 http: ">=0.13.0 <2.0.0" web: ">=0.5.1 <2.0.0" diff --git a/script/configs/exclude_all_packages_app.yaml b/script/configs/exclude_all_packages_app.yaml index 080d15b97e9..cd350b3878c 100644 --- a/script/configs/exclude_all_packages_app.yaml +++ b/script/configs/exclude_all_packages_app.yaml @@ -14,3 +14,6 @@ # Breaking change in the process of being landed. This will be removed # once all the layers have landed. - google_sign_in_platform_interface +- google_sign_in_android +- google_sign_in_ios +- google_sign_in_web