Add ability to clear auth cache on Android (#799)

mehmetf · web-flow · commit a44b10581c52 · 2018-09-27T14:45:54.000-07:00
diff --git a/packages/google_sign_in/CHANGELOG.md b/packages/google_sign_in/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 3.2.0
+
+* Add support for clearing authentication cache for Android.
+
 ## 3.1.0
 
 * Add support to recover authentication for Android.
diff --git a/packages/google_sign_in/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java b/packages/google_sign_in/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java
@@ -7,6 +7,7 @@
 import android.accounts.Account;
 import android.app.Activity;
 import android.content.Intent;
+import com.google.android.gms.auth.GoogleAuthException;
 import com.google.android.gms.auth.GoogleAuthUtil;
 import com.google.android.gms.auth.UserRecoverableAuthException;
 import com.google.android.gms.auth.api.signin.GoogleSignIn;
@@ -27,6 +28,7 @@
 import io.flutter.plugin.common.MethodChannel.MethodCallHandler;
 import io.flutter.plugin.common.MethodChannel.Result;
 import io.flutter.plugin.common.PluginRegistry;
+import java.io.IOException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -45,6 +47,7 @@ public class GoogleSignInPlugin implements MethodCallHandler {
   private static final String METHOD_SIGN_OUT = "signOut";
   private static final String METHOD_DISCONNECT = "disconnect";
   private static final String METHOD_IS_SIGNED_IN = "isSignedIn";
+  private static final String METHOD_CLEAR_AUTH_CACHE = "clearAuthCache";
 
   private final IDelegate delegate;
 
@@ -86,6 +89,11 @@ public void onMethodCall(MethodCall call, Result result) {
         delegate.signOut(result);
         break;
 
+      case METHOD_CLEAR_AUTH_CACHE:
+        String token = call.argument("token");
+        delegate.clearAuthCache(result, token);
+        break;
+
       case METHOD_DISCONNECT:
         delegate.disconnect(result);
         break;
@@ -130,6 +138,12 @@ public void init(
      */
     public void getTokens(final Result result, final String email, final boolean shouldRecoverAuth);
 
+    /**
+     * Clears the token from any client cache forcing the next {@link #getTokens} call to fetch a
+     * new one.
+     */
+    public void clearAuthCache(final Result result, final String token);
+
     /**
      * Signs the user out. Their credentials may remain valid, meaning they'll be able to silently
      * sign back in.
@@ -387,18 +401,15 @@ private static class PendingOperation {
       }
     }
 
-    private void recoverAuthFromException(final UserRecoverableAuthException exception) {
-      registrar
-          .activity()
-          .runOnUiThread(
-              new Runnable() {
-                @Override
-                public void run() {
-                  registrar
-                      .activity()
-                      .startActivityForResult(exception.getIntent(), REQUEST_CODE_RECOVER_AUTH);
-                }
-              });
+    /** Clears the token kept in the client side cache. */
+    @Override
+    public void clearAuthCache(Result result, String token) {
+      try {
+        GoogleAuthUtil.clearToken(registrar.context(), token);
+        result.success(null);
+      } catch (GoogleAuthException | IOException e) {
+        result.error(ERROR_REASON_EXCEPTION, e.getMessage(), e);
+      }
     }
 
     /**
@@ -411,8 +422,6 @@ public void run() {
     @Override
     public void getTokens(
         final Result result, final String email, final boolean shouldRecoverAuth) {
-      // TODO(issue/11107): Add back the checkAndSetPendingOperation once getTokens is properly
-      // gated from Dart code. Change result.success/error calls below to use finishWith()
       if (email == null) {
         result.error(ERROR_REASON_EXCEPTION, "Email is null", null);
         return;
@@ -428,6 +437,9 @@ public String call() throws Exception {
             }
           };
 
+      // Background task runner has a single thread effectively serializing
+      // the getToken calls. 1p apps can then enjoy the token cache if multiple
+      // getToken calls are coming in.
       backgroundTaskRunner.runInBackground(
           getTokenTask,
           new BackgroundTaskRunner.Callback<String>() {
@@ -440,10 +452,13 @@ public void run(Future<String> tokenFuture) {
                 result.success(tokenResult);
               } catch (ExecutionException e) {
                 if (e.getCause() instanceof UserRecoverableAuthException) {
-                  if (shouldRecoverAuth) {
-                    // Move this to top of getTokens method.
+                  if (shouldRecoverAuth && pendingOperation == null) {
                     checkAndSetPendingOperation(METHOD_GET_TOKENS, result, email);
-                    recoverAuthFromException((UserRecoverableAuthException) e.getCause());
+                    Intent recoveryIntent =
+                        ((UserRecoverableAuthException) e.getCause()).getIntent();
+                    registrar
+                        .activity()
+                        .startActivityForResult(recoveryIntent, REQUEST_CODE_RECOVER_AUTH);
                   } else {
                     result.error(ERROR_USER_RECOVERABLE_AUTH, e.getLocalizedMessage(), null);
                   }
diff --git a/packages/google_sign_in/ios/Classes/GoogleSignInPlugin.m b/packages/google_sign_in/ios/Classes/GoogleSignInPlugin.m
@@ -113,6 +113,10 @@ - (void)handleMethodCall:(FlutterMethodCall *)call result:(FlutterResult)result
     if ([self setAccountRequest:result]) {
       [[GIDSignIn sharedInstance] disconnect];
     }
+  } else if ([call.method isEqualToString:@"clearAuthCache"]) {
+    // There's nothing to be done here on iOS since the expired/invalid
+    // tokens are refreshed automatically by getTokensWithHandler.
+    result(nil);
   } else {
     result(FlutterMethodNotImplemented);
   }
diff --git a/packages/google_sign_in/lib/google_sign_in.dart b/packages/google_sign_in/lib/google_sign_in.dart
@@ -102,6 +102,18 @@ class GoogleSignInAccount implements GoogleIdentity {
     };
   }
 
+  /// Clears any client side cache that might be holding invalid tokens.
+  ///
+  /// If client runs into 401 errors using a token, it is expected to call
+  /// this method and grab `authHeaders` once again.
+  Future<void> clearAuthCache() async {
+    final String token = (await authentication).accessToken;
+    await GoogleSignIn.channel.invokeMethod(
+      'clearAuthCache',
+      <String, dynamic>{'token': token},
+    );
+  }
+
   @override
   bool operator ==(dynamic other) {
     if (identical(this, other)) return true;
diff --git a/packages/google_sign_in/pubspec.yaml b/packages/google_sign_in/pubspec.yaml
@@ -3,7 +3,7 @@ description: Flutter plugin for Google Sign-In, a secure authentication system
   for signing in with a Google account on Android and iOS.
 author: Flutter Team <flutter-dev@googlegroups.com>
 homepage: https://github.com/flutter/plugins/tree/master/packages/google_sign_in
-version: 3.1.0
+version: 3.2.0
 
 flutter:
   plugin:

Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,10 @@ - (void)handleMethodCall:(FlutterMethodCall *)call result:(FlutterResult)result`
`113`	`113`	`if ([self setAccountRequest:result]) {`
`114`	`114`	`[[GIDSignIn sharedInstance] disconnect];`
`115`	`115`	`}`
	`116`	`+ } else if ([call.method isEqualToString:@"clearAuthCache"]) {`
	`117`	`+ // There's nothing to be done here on iOS since the expired/invalid`
	`118`	`+ // tokens are refreshed automatically by getTokensWithHandler.`
	`119`	`+ result(nil);`
`116`	`120`	`} else {`
`117`	`121`	`result(FlutterMethodNotImplemented);`
`118`	`122`	`}`