react-native-nitro-auth 0.5.0 → 0.5.3

package/android/src/main/cpp/PlatformAuth+Android.cpp

@@ -51,6 +51,7 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     std::optional<std::string> prompt;
     bool useOneTap = false;
     bool forceAccountPicker = false;
+    bool useLegacyGoogleSignIn = false;
 
     if (options) {
         if (options->scopes) scopes = *options->scopes;
@@ -66,6 +67,7 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
         }
         useOneTap = options->useOneTap.value_or(false);
         forceAccountPicker = options->forceAccountPicker.value_or(false);
+        useLegacyGoogleSignIn = options->useLegacyGoogleSignIn.value_or(false);
     }
 
     JNIEnv* env = Environment::current();
@@ -81,7 +83,7 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     
     jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
     jmethodID loginMethod = env->GetStaticMethodID(adapterClass, "loginSync", 
-        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZLjava/lang/String;Ljava/lang/String;)V");
+        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZZLjava/lang/String;Ljava/lang/String;)V");
     env->CallStaticVoidMethod(adapterClass, loginMethod, 
         contextPtr, 
         make_jstring(providerStr).get(),
@@ -90,6 +92,7 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
         jLoginHint,
         (jboolean)useOneTap,
         (jboolean)forceAccountPicker,
+        (jboolean)useLegacyGoogleSignIn,
         jTenant,
         jPrompt);
     

package/android/src/main/java/com/auth/AuthAdapter.kt

@@ -1,9 +1,9 @@
+@file:Suppress("DEPRECATION")
+
 package com.auth
 
 import android.content.Context
-import android.content.SharedPreferences
 import android.os.Bundle
-import android.os.Build
 import android.util.Log
 import com.google.android.gms.auth.api.signin.GoogleSignIn
 import com.google.android.gms.auth.api.signin.GoogleSignInAccount
@@ -25,17 +25,12 @@ import android.app.Application
 import android.content.Intent
 import android.net.Uri
 import androidx.browser.customtabs.CustomTabsIntent
-import androidx.security.crypto.EncryptedSharedPreferences
-import androidx.security.crypto.MasterKeys
 import java.util.UUID
-import org.json.JSONArray
 import org.json.JSONObject
 import android.util.Base64
 
 object AuthAdapter {
     private const val TAG = "AuthAdapter"
-    private const val PREF_NAME = "nitro_auth"
-    private const val SECURE_PREF_NAME = "nitro_auth_secure"
     
     private var appContext: Context? = null
     private var currentActivity: Activity? = null
@@ -49,47 +44,10 @@ object AuthAdapter {
     private var pendingMicrosoftTenant: String? = null
     private var pendingMicrosoftClientId: String? = null
     private var pendingMicrosoftB2cDomain: String? = null
-
-    private fun getPrefs(context: Context): SharedPreferences {
-        return try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
-                val securePrefs = EncryptedSharedPreferences.create(
-                    SECURE_PREF_NAME,
-                    masterKeyAlias,
-                    context,
-                    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-                    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
-                )
-                migrateLegacyPrefsIfNeeded(context, securePrefs)
-                securePrefs
-            } else {
-                context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-            }
-        } catch (e: Exception) {
-            Log.w(TAG, "Failed to initialize encrypted storage, falling back to SharedPreferences", e)
-            context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-        }
-    }
-
-    private fun migrateLegacyPrefsIfNeeded(context: Context, securePrefs: SharedPreferences) {
-        val legacyPrefs = context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-        if (legacyPrefs.all.isEmpty() || securePrefs.all.isNotEmpty()) {
-            return
-        }
-        val editor = securePrefs.edit()
-        for ((key, value) in legacyPrefs.all) {
-            when (value) {
-                is String -> editor.putString(key, value)
-                is Boolean -> editor.putBoolean(key, value)
-                is Int -> editor.putInt(key, value)
-                is Long -> editor.putLong(key, value)
-                is Float -> editor.putFloat(key, value)
-            }
-        }
-        editor.apply()
-        legacyPrefs.edit().clear().apply()
-    }
+    
+    private var inMemoryMicrosoftRefreshToken: String? = null
+    private var inMemoryMicrosoftScopes: List<String> =
+        listOf("openid", "email", "profile", "offline_access", "User.Read")
 
     @JvmStatic
     private external fun nativeInitialize(context: Context)
@@ -139,11 +97,10 @@ object AuthAdapter {
     }
 
     fun onSignInSuccess(account: GoogleSignInAccount, scopes: List<String>) {
-        val ctx = appContext ?: return
-        saveUser(ctx, "google", account.email, account.displayName,
-                 account.photoUrl?.toString(), account.idToken, account.serverAuthCode, scopes)
+        appContext ?: return
+        val expirationTime = getJwtExpirationTimeMs(account.idToken)
         nativeOnLoginSuccess("google", account.email, account.displayName,
-                            account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode, scopes.toTypedArray(), null)
+                            account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode, scopes.toTypedArray(), expirationTime)
     }
 
     fun onSignInError(errorCode: Int, message: String?) {
@@ -157,7 +114,18 @@ object AuthAdapter {
     }
 
     @JvmStatic
-    fun loginSync(context: Context, provider: String, googleClientId: String?, scopes: Array<String>?, loginHint: String?, useOneTap: Boolean, forceAccountPicker: Boolean = false, tenant: String? = null, prompt: String? = null) {
+    fun loginSync(
+        context: Context,
+        provider: String,
+        googleClientId: String?,
+        scopes: Array<String>?,
+        loginHint: String?,
+        useOneTap: Boolean,
+        forceAccountPicker: Boolean = false,
+        useLegacyGoogleSignIn: Boolean = false,
+        tenant: String? = null,
+        prompt: String? = null
+    ) {
         if (provider == "apple") {
             nativeOnLoginError("unsupported_provider", "Apple Sign-In is not supported on Android.")
             return
@@ -183,13 +151,12 @@ object AuthAdapter {
         val requestedScopes = scopes?.toList() ?: listOf("email", "profile")
         pendingScopes = requestedScopes
 
-        if (useOneTap && !forceAccountPicker) {
-            loginOneTap(context, clientId, requestedScopes)
-        } else {
-            val intent = GoogleSignInActivity.createIntent(ctx, clientId, requestedScopes.toTypedArray(), loginHint, forceAccountPicker)
-            intent.addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
-            ctx.startActivity(intent)
+        if (useLegacyGoogleSignIn) {
+            loginLegacy(context, clientId, requestedScopes, loginHint, forceAccountPicker)
+            return
         }
+
+        loginOneTap(context, clientId, requestedScopes, loginHint, forceAccountPicker, useOneTap)
     }
 
     private fun loginMicrosoft(context: Context, scopes: Array<String>?, loginHint: String?, tenant: String?, prompt: String?) {
@@ -381,12 +348,11 @@ object AuthAdapter {
             val email = claims["preferred_username"] ?: claims["email"]
             val name = claims["name"]
 
-            val ctx = appContext
-            if (ctx != null) {
-                saveUser(ctx, "microsoft", email, name, null, idToken, refreshToken, pendingMicrosoftScopes)
-                if (refreshToken.isNotEmpty()) {
-                    saveMicrosoftRefreshToken(ctx, refreshToken)
-                }
+            if (refreshToken.isNotEmpty()) {
+                inMemoryMicrosoftRefreshToken = refreshToken
+            }
+            inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                listOf("openid", "email", "profile", "offline_access", "User.Read")
             }
 
             clearPkceState()
@@ -407,14 +373,12 @@ object AuthAdapter {
         }
     }
 
-    private fun saveMicrosoftRefreshToken(context: Context, refreshToken: String) {
-        val prefs = getPrefs(context)
-        prefs.edit().putString("microsoft_refresh_token", refreshToken).apply()
+    private fun saveMicrosoftRefreshToken(refreshToken: String) {
+        inMemoryMicrosoftRefreshToken = refreshToken
     }
 
-    private fun getMicrosoftRefreshToken(context: Context): String? {
-        val prefs = getPrefs(context)
-        return prefs.getString("microsoft_refresh_token", null)
+    private fun getMicrosoftRefreshToken(): String? {
+        return inMemoryMicrosoftRefreshToken
     }
 
     private fun clearPkceState() {
@@ -443,6 +407,15 @@ object AuthAdapter {
         }
     }
 
+    private fun getJwtExpirationTimeMs(idToken: String?): Long? {
+        if (idToken.isNullOrEmpty()) {
+            return null
+        }
+
+        val expSeconds = decodeJwt(idToken)["exp"]?.toLongOrNull() ?: return null
+        return expSeconds * 1000
+    }
+
     private fun getMicrosoftClientIdFromResources(context: Context): String? {
         val resId = context.resources.getIdentifier("nitro_auth_microsoft_client_id", "string", context.packageName)
         return if (resId != 0) context.getString(resId) else null
@@ -470,18 +443,25 @@ object AuthAdapter {
         }
     }
 
-    private fun loginOneTap(context: Context, clientId: String, scopes: List<String>) {
+    private fun loginOneTap(
+        context: Context,
+        clientId: String,
+        scopes: List<String>,
+        loginHint: String?,
+        forceAccountPicker: Boolean,
+        useOneTap: Boolean
+    ) {
         val activity = currentActivity ?: context as? Activity
         if (activity == null) {
             Log.w(TAG, "No Activity context available for One-Tap, falling back to legacy")
-            return loginLegacy(context, clientId, scopes)
+            return loginLegacy(context, clientId, scopes, loginHint, forceAccountPicker)
         }
         
         val credentialManager = CredentialManager.create(activity)
         val googleIdOption = GetGoogleIdOption.Builder()
             .setFilterByAuthorizedAccounts(false)
             .setServerClientId(clientId)
-            .setAutoSelectEnabled(false)
+            .setAutoSelectEnabled(useOneTap && !forceAccountPicker)
             .build()
 
         val request = GetCredentialRequest.Builder()
@@ -494,14 +474,26 @@ object AuthAdapter {
                 handleCredentialResponse(result, scopes)
             } catch (e: Exception) {
                 Log.w(TAG, "One-Tap failed, falling back to legacy: ${e.message}")
-                loginLegacy(context, clientId, scopes)
+                loginLegacy(context, clientId, scopes, loginHint, forceAccountPicker)
             }
         }
     }
 
-    private fun loginLegacy(context: Context, clientId: String, scopes: List<String>) {
+    private fun loginLegacy(
+        context: Context,
+        clientId: String,
+        scopes: List<String>,
+        loginHint: String?,
+        forceAccountPicker: Boolean
+    ) {
         val ctx = appContext ?: context.applicationContext
-        val intent = GoogleSignInActivity.createIntent(ctx, clientId, scopes.toTypedArray(), null)
+        val intent = GoogleSignInActivity.createIntent(
+            ctx,
+            clientId,
+            scopes.toTypedArray(),
+            loginHint,
+            forceAccountPicker
+        )
         intent.addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
         ctx.startActivity(intent)
     }
@@ -522,6 +514,7 @@ object AuthAdapter {
         }
 
         if (googleIdTokenCredential != null) {
+            val expirationTime = getJwtExpirationTimeMs(googleIdTokenCredential.idToken)
             nativeOnLoginSuccess(
                 "google",
                 googleIdTokenCredential.id,
@@ -531,7 +524,7 @@ object AuthAdapter {
                 null,
                 null,
                 scopes.toTypedArray(),
-                null
+                expirationTime
             )
         } else {
             Log.w(TAG, "Unsupported credential type: ${credential.type}")
@@ -559,12 +552,8 @@ object AuthAdapter {
             ctx.startActivity(intent)
             return
         }
-        val userJson = getUserJson(ctx)
-        if (userJson != null && userJson.contains("\"provider\":\"microsoft\"")) {
-            val currentScopes = extractScopesFromUserJson(userJson)
-            val defaultMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
-            val existing = if (currentScopes.isEmpty()) defaultMicrosoftScopes else currentScopes
-            val mergedScopes = (existing + scopes.toList()).distinct()
+        if (inMemoryMicrosoftRefreshToken != null) {
+            val mergedScopes = (inMemoryMicrosoftScopes + scopes.toList()).distinct()
             val tenant = getMicrosoftTenantFromResources(ctx)
             loginMicrosoft(ctx, mergedScopes.toTypedArray(), null, tenant, null)
             return
@@ -593,20 +582,21 @@ object AuthAdapter {
             googleSignInClient!!.silentSignIn().addOnCompleteListener { task ->
                 if (task.isSuccessful) {
                     val acc = task.result
-                    nativeOnRefreshSuccess(acc?.idToken, null, null)
+                    nativeOnRefreshSuccess(
+                        acc?.idToken,
+                        null,
+                        getJwtExpirationTimeMs(acc?.idToken),
+                    )
                 } else {
                     nativeOnRefreshError("network_error", task.exception?.message ?: "Silent sign-in failed")
                 }
             }
             return
         }
-        val userJson = getUserJson(ctx)
-        if (userJson != null && userJson.contains("\"provider\":\"microsoft\"")) {
-            val refreshToken = getMicrosoftRefreshToken(ctx)
-            if (refreshToken != null) {
-                refreshMicrosoftTokenForRefresh(ctx, refreshToken)
-                return
-            }
+        val refreshToken = getMicrosoftRefreshToken()
+        if (refreshToken != null) {
+            refreshMicrosoftTokenForRefresh(ctx, refreshToken)
+            return
         }
         nativeOnRefreshError("unknown", "No user logged in")
     }
@@ -631,7 +621,8 @@ object AuthAdapter {
                 .build()
             GoogleSignIn.getClient(ctx, gso).signOut()
         }
-        clearUser(ctx)
+        inMemoryMicrosoftRefreshToken = null
+        inMemoryMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
     }
 
     @JvmStatic
@@ -646,7 +637,8 @@ object AuthAdapter {
                 .build()
             GoogleSignIn.getClient(ctx, gso).revokeAccess()
         }
-        clearUser(ctx)
+        inMemoryMicrosoftRefreshToken = null
+        inMemoryMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
     }
 
     private fun getClientIdFromResources(context: Context): String? {
@@ -654,66 +646,19 @@ object AuthAdapter {
         return if (resId != 0) context.getString(resId) else null
     }
 
-    @JvmStatic
-    fun getUserJson(context: Context): String? {
-        val pref = getPrefs(context)
-        return pref.getString("user_json", null)
-    }
-
-    @JvmStatic
-    fun setUserJson(context: Context, json: String) {
-        val pref = getPrefs(context)
-        pref.edit().putString("user_json", json).apply()
-    }
-
-    @JvmStatic
-    fun clearUser(context: Context) {
-        val pref = getPrefs(context)
-        pref.edit().clear().apply()
-    }
-
     @JvmStatic
     fun restoreSession(context: Context) {
         val ctx = context.applicationContext ?: appContext ?: context
         val account = GoogleSignIn.getLastSignedInAccount(ctx)
         if (account != null) {
+            val expirationTime = getJwtExpirationTimeMs(account.idToken)
             nativeOnLoginSuccess("google", account.email, account.displayName,
                                 account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode,
-                                account.grantedScopes?.map { it.scopeUri }?.toTypedArray(), null)
+                                account.grantedScopes?.map { it.scopeUri }?.toTypedArray(), expirationTime)
         } else {
-            val json = getUserJson(ctx)
-            if (json != null) {
-                val provider = try {
-                    val parsed = JSONObject(json)
-                    parsed.optString("provider")
-                } catch (_: Exception) {
-                    ""
-                }
-                val effectiveProvider = when (provider) {
-                    "google" -> "google"
-                    "microsoft" -> "microsoft"
-                    "apple" -> "apple"
-                    else -> "apple"
-                }
-                
-                if (effectiveProvider == "microsoft") {
-                    val refreshToken = getMicrosoftRefreshToken(ctx)
-                    if (refreshToken != null) {
-                        refreshMicrosoftToken(ctx, refreshToken)
-                    } else {
-                        val email = extractJsonValue(json, "email")
-                        val name = extractJsonValue(json, "name")
-                        val idToken = extractJsonValue(json, "idToken")
-                        nativeOnLoginSuccess(effectiveProvider, email, name, null, idToken, null, null, null, null)
-                    }
-                } else {
-                    val email = extractJsonValue(json, "email")
-                    val name = extractJsonValue(json, "name")
-                    val photo = extractJsonValue(json, "photo")
-                    val idToken = extractJsonValue(json, "idToken")
-                    val serverAuthCode = extractJsonValue(json, "serverAuthCode")
-                    nativeOnLoginSuccess(effectiveProvider, email, name, photo, idToken, null, serverAuthCode, null, null)
-                }
+            val refreshToken = getMicrosoftRefreshToken()
+            if (refreshToken != null) {
+                refreshMicrosoftToken(ctx, refreshToken)
             } else {
                 nativeOnLoginError("unknown", "No session")
             }
@@ -770,9 +715,11 @@ object AuthAdapter {
                         val name = claims["name"]
 
                         if (newRefreshToken.isNotEmpty()) {
-                            saveMicrosoftRefreshToken(context, newRefreshToken)
+                            saveMicrosoftRefreshToken(newRefreshToken)
+                        }
+                        inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                            listOf("openid", "email", "profile", "offline_access", "User.Read")
                         }
-                        saveUser(context, "microsoft", email, name, null, newIdToken, newRefreshToken, null)
 
                         nativeOnLoginSuccess("microsoft", email, name, null, newIdToken, newAccessToken, null, null, expirationTime)
                     } else {
@@ -828,9 +775,11 @@ object AuthAdapter {
                         val email = claims["preferred_username"] ?: claims["email"]
                         val name = claims["name"]
                         if (newRefreshToken.isNotEmpty()) {
-                            saveMicrosoftRefreshToken(context, newRefreshToken)
+                            saveMicrosoftRefreshToken(newRefreshToken)
+                        }
+                        inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                            listOf("openid", "email", "profile", "offline_access", "User.Read")
                         }
-                        saveUser(context, "microsoft", email, name, null, newIdToken, newRefreshToken, null)
                         nativeOnRefreshSuccess(
                             newIdToken.ifEmpty { null },
                             newAccessToken.ifEmpty { null },
@@ -848,36 +797,4 @@ object AuthAdapter {
         }
     }
 
-    private fun extractJsonValue(json: String, key: String): String? {
-        return try {
-            val value = JSONObject(json).optString(key, "")
-            if (value.isEmpty()) null else value
-        } catch (_: Exception) {
-            null
-        }
-    }
-
-    private fun extractScopesFromUserJson(json: String): List<String> {
-        return try {
-            val jsonObj = JSONObject(json)
-            val arr = jsonObj.optJSONArray("scopes") ?: return emptyList()
-            (0 until arr.length()).mapNotNull { i -> arr.optString(i).takeIf { it.isNotEmpty() } }
-        } catch (_: Exception) {
-            emptyList()
-        }
-    }
-
-    private fun saveUser(context: Context, provider: String, email: String?, name: String?, 
-                          photo: String?, idToken: String?, serverAuthCode: String?, scopes: List<String>?) {
-        val pref = getPrefs(context)
-        val json = JSONObject()
-        json.put("provider", provider)
-        if (email != null) json.put("email", email)
-        if (name != null) json.put("name", name)
-        if (photo != null) json.put("photo", photo)
-        if (idToken != null) json.put("idToken", idToken)
-        if (serverAuthCode != null) json.put("serverAuthCode", serverAuthCode)
-        if (scopes != null) json.put("scopes", JSONArray(scopes))
-        pref.edit().putString("user_json", json.toString()).apply()
-    }
 }

package/android/src/main/java/com/auth/GoogleSignInActivity.kt

@@ -1,3 +1,5 @@
+@file:Suppress("DEPRECATION")
+
 package com.auth
 
 import android.app.Activity
@@ -84,4 +86,3 @@ class GoogleSignInActivity : ComponentActivity() {
         }
     }
 }
-

package/android/src/main/java/com/auth/NitroAuthPackage.kt

@@ -1,3 +1,5 @@
+@file:Suppress("DEPRECATION", "OVERRIDE_DEPRECATION")
+
 package com.auth
 
 import com.facebook.react.ReactPackage

package/app.plugin.js

@@ -6,7 +6,6 @@ const {
   AndroidConfig,
   createRunOncePlugin,
 } = require("@expo/config-plugins");
-
 const pkg = require("./package.json");
 
 const withNitroAuth = (config, props = {}) => {
@@ -157,9 +156,7 @@ const withNitroAuth = (config, props = {}) => {
           ],
         };
         const existingMsalActivity = application.activity.find(
-          (a) =>
-            a.$?.["android:name"] ===
-            "com.auth.MicrosoftAuthActivity",
+          (a) => a.$?.["android:name"] === "com.auth.MicrosoftAuthActivity",
         );
         if (!existingMsalActivity) {
           application.activity.push(msalActivity);
@@ -172,8 +169,4 @@ const withNitroAuth = (config, props = {}) => {
   return config;
 };
 
-module.exports = createRunOncePlugin(
-  withNitroAuth,
-  pkg.name,
-  pkg.version,
-);
+module.exports = createRunOncePlugin(withNitroAuth, pkg.name, pkg.version);