@superfan-app/spotify-auth 0.1.67 → 0.1.69

package/README.md

@@ -6,9 +6,10 @@ A modern Expo module for Spotify authentication in React Native apps. This modul
 
 - 🔐 Complete Spotify OAuth implementation
 - 🔄 Automatic token refresh
-- 📱 iOS support via native SDK
+- 📱 iOS support via native Spotify SDK
+- 🤖 Android support via Spotify Auth Library
 - ⚡️ Modern Expo development workflow
-- 🛡️ Secure token storage
+- 🛡️ Secure token storage (Keychain on iOS, EncryptedSharedPreferences on Android)
 - 🔧 TypeScript support
 - 📝 Comprehensive error handling
 
@@ -57,7 +58,9 @@ npx expo install expo-dev-client
    - Format: `your-app-scheme://callback`
    - Example: `my-spotify-app://callback`
 
-4. Implement token swap/refresh endpoints on your backend (see Backend Requirements below)
+4. **Android only:** Register your app's [SHA-1 fingerprint](https://developer.spotify.com/documentation/android/tutorials/application-fingerprints) in the Spotify Developer Dashboard.
+
+5. Implement token swap/refresh endpoints on your backend (see Backend Requirements below)
 
 ## Usage
 
@@ -203,6 +206,11 @@ npx expo prebuild --clean
 npx expo run:ios
 ```
 
+4. Run on Android:
+```bash
+npx expo run:android
+```
+
 ## Troubleshooting
 
 ### Common Issues
@@ -229,7 +237,7 @@ npx expo run:ios
 ## Security
 
 - Access tokens are stored in memory
-- Refresh tokens are securely stored in Keychain
+- Refresh tokens are securely stored in Keychain (iOS) / EncryptedSharedPreferences (Android)
 - HTTPS required for token endpoints
 - Automatic token refresh
 - Proper error handling and recovery
@@ -238,11 +246,14 @@ npx expo run:ios
 
 - Expo SDK 53+
 - iOS 15.1+
+- Android API 24+ (Android 7.0+)
 - Swift 5.9 (Xcode 15+)
 - Node.js 20.0+
 - Expo Development Client
 
-## iOS Native Notes
+## Platform Notes
+
+### iOS
 
 - The Spotify SDK is bundled as a vendored `SpotifyiOS.xcframework`. CocoaPods configures header and framework search paths automatically. You do not need to add manual `HEADER_SEARCH_PATHS` or `FRAMEWORK_SEARCH_PATHS`.
 - If you hit CocoaPods build issues after installing, try:
@@ -251,3 +262,54 @@ cd ios
 pod deintegrate
 pod install --repo-update
 ```
+
+### Android
+
+The Spotify Auth Library (`spotify-auth-release-2.1.0.aar`) v2.1.0 is bundled in `android/Frameworks/`. It handles both app-switch auth (when Spotify is installed) and WebView fallback (when it's not).
+
+#### Android Setup (if iOS is already configured)
+
+If you already have iOS working, Android requires no changes to your `app.config.js` — the same plugin config drives both platforms. However, you do need to complete these additional steps in the Spotify Developer Dashboard:
+
+1. **Register your Android package name and SHA-1 fingerprint** in the [Spotify Developer Dashboard](https://developer.spotify.com/dashboard):
+   - Go to your app → Edit Settings → Android Packages
+   - Add your package name (e.g. `com.yourcompany.yourapp`)
+   - Add your SHA-1 fingerprint(s)
+
+2. **Generate your SHA-1 fingerprint:**
+
+   For **debug** builds:
+   ```bash
+   keytool -alias androiddebugkey -keystore ~/.android/debug.keystore -list -v | grep SHA1
+   ```
+   Default password: `android`
+
+   For **release** builds:
+   ```bash
+   keytool -alias <RELEASE_KEY_ALIAS> -keystore <RELEASE_KEYSTORE_PATH> -list -v | grep SHA1
+   ```
+
+   > We strongly recommend registering both debug and release fingerprints. See [Application Fingerprints](https://developer.spotify.com/documentation/android/tutorials/application-fingerprints) for details.
+
+3. **Ensure the redirect URI** (`your-app-scheme://callback`) is added in the Spotify Dashboard under "Redirect URIs" (this is shared with iOS — likely already done).
+
+4. **Rebuild your app:**
+   ```bash
+   npx expo prebuild --clean
+   npx expo run:android
+   ```
+
+#### What the config plugin does (Android)
+
+The Expo config plugin automatically handles:
+- Injecting `<meta-data>` entries into `AndroidManifest.xml` for `SpotifyClientID`, `SpotifyRedirectURL`, `SpotifyScopes`, `SpotifyTokenSwapURL`, and `SpotifyTokenRefreshURL`
+- Adding an `<intent-filter>` to your main activity for the redirect URI scheme and host
+
+You do **not** need to manually edit `AndroidManifest.xml`.
+
+#### Android-specific behavior
+
+- The `campaign` parameter in `AuthorizeConfig` is **ignored** on Android (not supported by the Spotify Android auth library).
+- Secure token storage uses `EncryptedSharedPreferences` (AES-256) instead of Keychain.
+- When the Spotify app is installed, authentication uses an app-switch flow (no password entry needed). When it's not installed, a WebView fallback is used automatically.
+- Authentication retry for user-interactive flows (e.g. the initial authorization) cannot be retried automatically — the error is reported to JS so your app can prompt the user to try again.

package/android/build.gradle

@@ -0,0 +1,99 @@
+apply plugin: 'com.android.library'
+apply plugin: 'kotlin-android'
+apply plugin: 'maven-publish'
+
+group = 'expo.modules.spotifyauth'
+version = '0.1.0'
+
+def expoModulesCorePlugin = new File(project(":expo-modules-core").projectDir.absolutePath, "ExpoModulesCorePlugin.gradle")
+if (expoModulesCorePlugin.exists()) {
+  apply from: expoModulesCorePlugin
+  applyKotlinExpoModulesCorePlugin()
+}
+
+// Some Expo setups also expect this in buildscript; keeping it for compatibility.
+buildscript {
+  def expoModulesCorePlugin = new File(project(":expo-modules-core").projectDir.absolutePath, "ExpoModulesCorePlugin.gradle")
+  if (expoModulesCorePlugin.exists()) {
+    apply from: expoModulesCorePlugin
+    applyKotlinExpoModulesCorePlugin()
+  }
+}
+
+afterEvaluate {
+  publishing {
+    publications {
+      release(MavenPublication) {
+        from components.release
+      }
+    }
+    repositories {
+      maven {
+        url = mavenLocal().url
+      }
+    }
+  }
+}
+
+android {
+  namespace "expo.modules.spotifyauth"
+
+  compileSdkVersion safeExtGet("compileSdkVersion", 35)
+
+  defaultConfig {
+    minSdkVersion safeExtGet("minSdkVersion", 24)
+    targetSdkVersion safeExtGet("targetSdkVersion", 35)
+  }
+
+  // Allow publishing a sources jar for the release variant
+  publishing {
+    singleVariant("release") {
+      withSourcesJar()
+    }
+  }
+
+  lintOptions {
+    abortOnError false
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_17
+    targetCompatibility JavaVersion.VERSION_17
+  }
+
+  kotlinOptions {
+    jvmTarget = JavaVersion.VERSION_17.majorVersion
+  }
+}
+
+/**
+ * Resolve Kotlin version safely.
+ * Prefer the root project's configured Kotlin version (most common in RN/Expo),
+ * fall back to a pinned version if none is defined.
+ */
+def resolvedKotlinVersion() {
+  if (rootProject.ext.has('kotlinVersion')) {
+    return rootProject.ext.kotlinVersion
+  }
+  if (project.ext.has('kotlinVersion')) {
+    return project.ext.kotlinVersion
+  }
+  // Fallback: keep this aligned with your app if you pin Kotlin elsewhere.
+  return '2.0.21'
+}
+
+dependencies {
+  implementation project(':expo-modules-core')
+
+  // Spotify Auth Library (local .aar)
+  implementation files('Frameworks/spotify-auth-release-2.1.0.aar')
+
+  // Required for Spotify Auth Library's browser-based fallback
+  implementation 'androidx.browser:browser:1.8.0'
+  implementation 'androidx.appcompat:appcompat:1.7.0'
+
+  // For secure storage of refresh tokens
+  implementation 'androidx.security:security-crypto:1.1.0-alpha06'
+
+  implementation "org.jetbrains.kotlin:kotlin-stdlib:${resolvedKotlinVersion()}"
+}

package/android/src/main/AndroidManifest.xml

@@ -0,0 +1,4 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
+  <!-- No permissions needed at the library level.
+       The config plugin will add intent-filters to the host app's manifest. -->
+</manifest>