react-native-nitro-auth 0.5.0 → 0.5.3

package/cpp/AuthCache.cpp

@@ -13,91 +13,21 @@
 namespace margelo::nitro::NitroAuth {
 
 #ifdef __APPLE__
-static CFStringRef kService = CFSTR("react-native-nitro-auth");
-static CFStringRef kAccount = CFSTR("nitro_auth_user");
-static CFStringRef kLegacyCacheKey = CFSTR("nitro_auth_user");
-
-static CFMutableDictionaryRef createKeychainQuery() {
-    CFMutableDictionaryRef query = CFDictionaryCreateMutable(
-        kCFAllocatorDefault,
-        0,
-        &kCFTypeDictionaryKeyCallBacks,
-        &kCFTypeDictionaryValueCallBacks
-    );
-    CFDictionarySetValue(query, kSecClass, kSecClassGenericPassword);
-    CFDictionarySetValue(query, kSecAttrService, kService);
-    CFDictionarySetValue(query, kSecAttrAccount, kAccount);
-    return query;
-}
-
-static std::optional<std::string> getLegacyUserJson() {
-    CFPropertyListRef value = CFPreferencesCopyAppValue(kLegacyCacheKey, kCFPreferencesCurrentApplication);
-    if (value && CFGetTypeID(value) == CFStringGetTypeID()) {
-        CFStringRef cfStr = static_cast<CFStringRef>(value);
-        char buffer[4096];
-        if (CFStringGetCString(cfStr, buffer, sizeof(buffer), kCFStringEncodingUTF8)) {
-            CFRelease(value);
-            return std::string(buffer);
-        }
-    }
-    if (value) CFRelease(value);
-    return std::nullopt;
-}
-
-static void clearLegacyUserJson() {
-    CFPreferencesSetAppValue(kLegacyCacheKey, nullptr, kCFPreferencesCurrentApplication);
-    CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication);
-}
+static std::string sInMemoryUserJson;
 
 void AuthCache::setUserJson(const std::string& json) {
-    CFMutableDictionaryRef query = createKeychainQuery();
-    SecItemDelete(query);
-
-    CFDataRef data = CFDataCreate(
-        kCFAllocatorDefault,
-        reinterpret_cast<const UInt8*>(json.data()),
-        static_cast<CFIndex>(json.size())
-    );
-    CFDictionarySetValue(query, kSecValueData, data);
-    CFDictionarySetValue(query, kSecAttrAccessible, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly);
-
-    SecItemAdd(query, nullptr);
-    CFRelease(data);
-    CFRelease(query);
+    sInMemoryUserJson = json;
 }
 
 std::optional<std::string> AuthCache::getUserJson() {
-    CFMutableDictionaryRef query = createKeychainQuery();
-    CFDictionarySetValue(query, kSecReturnData, kCFBooleanTrue);
-    CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
-
-    CFTypeRef result = nullptr;
-    OSStatus status = SecItemCopyMatching(query, &result);
-    CFRelease(query);
-
-    if (status != errSecSuccess || result == nullptr) {
-        if (result) CFRelease(result);
-        auto legacy = getLegacyUserJson();
-        if (legacy) {
-            AuthCache::setUserJson(*legacy);
-            clearLegacyUserJson();
-            return legacy;
-        }
+    if (sInMemoryUserJson.empty()) {
         return std::nullopt;
     }
-
-    CFDataRef data = static_cast<CFDataRef>(result);
-    const UInt8* bytes = CFDataGetBytePtr(data);
-    const CFIndex length = CFDataGetLength(data);
-    std::string value(reinterpret_cast<const char*>(bytes), static_cast<size_t>(length));
-    CFRelease(result);
-    return value;
+    return sInMemoryUserJson;
 }
 
 void AuthCache::clear() {
-    CFMutableDictionaryRef query = createKeychainQuery();
-    SecItemDelete(query);
-    CFRelease(query);
+    sInMemoryUserJson.clear();
 }
 #endif
 
@@ -108,26 +38,8 @@ struct JContext : JavaClass<JContext> {
     static constexpr auto kJavaDescriptor = "Landroid/content/Context;";
 };
 
-struct JAuthAdapter : facebook::jni::JavaClass<JAuthAdapter> {
-    static constexpr auto kJavaDescriptor = "Lcom/auth/AuthAdapter;";
-    
-    static void setUserJson(facebook::jni::alias_ref<jobject> context, const std::string& json) {
-        static auto method = javaClassStatic()->getStaticMethod<void(alias_ref<JContext>, jstring)>("setUserJson");
-        method(javaClassStatic(), static_ref_cast<JContext>(context), make_jstring(json).get());
-    }
-
-    static facebook::jni::local_ref<jstring> getUserJson(facebook::jni::alias_ref<jobject> context) {
-        static auto method = javaClassStatic()->getStaticMethod<jstring(alias_ref<JContext>)>("getUserJson");
-        return method(javaClassStatic(), static_ref_cast<JContext>(context));
-    }
-
-    static void clearUser(facebook::jni::alias_ref<jobject> context) {
-        static auto method = javaClassStatic()->getStaticMethod<void(alias_ref<JContext>)>("clearUser");
-        method(javaClassStatic(), static_ref_cast<JContext>(context));
-    }
-};
-
 static facebook::jni::global_ref<jobject> gContext;
+static std::string sInMemoryUserJson;
 
 void AuthCache::setAndroidContext(void* context) {
     gContext = facebook::jni::make_global(static_cast<jobject>(context));
@@ -138,20 +50,18 @@ void* AuthCache::getAndroidContext() {
 }
 
 void AuthCache::setUserJson(const std::string& json) {
-    if (!gContext) return;
-    JAuthAdapter::setUserJson(gContext, json);
+    sInMemoryUserJson = json;
 }
 
 std::optional<std::string> AuthCache::getUserJson() {
-    if (!gContext) return std::nullopt;
-    auto result = JAuthAdapter::getUserJson(gContext);
-    if (!result) return std::nullopt;
-    return result->toStdString();
+    if (sInMemoryUserJson.empty()) {
+        return std::nullopt;
+    }
+    return sInMemoryUserJson;
 }
 
 void AuthCache::clear() {
-    if (!gContext) return;
-    JAuthAdapter::clearUser(gContext);
+    sInMemoryUserJson.clear();
 }
 #endif
 

package/cpp/HybridAuth.cpp

@@ -1,6 +1,4 @@
 #include "HybridAuth.hpp"
-#include "AuthCache.hpp"
-#include "JSONSerializer.hpp"
 #include "PlatformAuth.hpp"
 #include <NitroModules/NitroLogger.hpp>
 #include <chrono>
@@ -10,7 +8,7 @@ namespace margelo::nitro::NitroAuth {
 bool HybridAuth::sLoggingEnabled = false;
 
 HybridAuth::HybridAuth() : HybridObject(TAG) {
-  loadFromCache();
+  // In-memory only - no internal persistence.
 }
 
 std::optional<AuthUser> HybridAuth::getCurrentUser() {
@@ -27,41 +25,6 @@ bool HybridAuth::getHasPlayServices() {
   return PlatformAuth::hasPlayServices();
 }
 
-void HybridAuth::loadFromCache() {
-  std::lock_guard<std::mutex> lock(_mutex);
-  std::optional<std::string> json;
-  
-  if (_storageAdapter) {
-    json = _storageAdapter->load("nitro_auth_user");
-  } else {
-    json = AuthCache::getUserJson();
-  }
-  
-  if (json) {
-    _currentUser = JSONSerializer::deserialize(*json);
-    if (_currentUser && _currentUser->scopes) {
-      _grantedScopes = *_currentUser->scopes;
-    }
-  }
-}
-
-void HybridAuth::saveToCache(const std::optional<AuthUser>& user) {
-  if (user) {
-    auto json = JSONSerializer::serialize(*user);
-    if (_storageAdapter) {
-      _storageAdapter->save("nitro_auth_user", json);
-    } else {
-      AuthCache::setUserJson(json);
-    }
-  } else {
-    if (_storageAdapter) {
-      _storageAdapter->remove("nitro_auth_user");
-    } else {
-      AuthCache::clear();
-    }
-  }
-}
-
 void HybridAuth::notifyAuthStateChanged() {
   std::optional<AuthUser> user;
   std::vector<std::function<void(const std::optional<AuthUser>&)>> listeners;
@@ -104,7 +67,6 @@ void HybridAuth::logout() {
     std::lock_guard<std::mutex> lock(_mutex);
     _currentUser = std::nullopt;
     _grantedScopes.clear();
-    saveToCache(std::nullopt);
   }
   PlatformAuth::logout();
   notifyAuthStateChanged();
@@ -114,18 +76,27 @@ std::shared_ptr<Promise<void>> HybridAuth::silentRestore() {
   auto promise = Promise<void>::create();
   auto silentPromise = PlatformAuth::silentRestore();
   silentPromise->addOnResolvedListener([this, promise](const std::optional<AuthUser>& user) {
-    if (user) {
+    {
       std::lock_guard<std::mutex> lock(_mutex);
       _currentUser = user;
-      if (user->scopes) _grantedScopes = *user->scopes;
-      saveToCache(_currentUser);
+      if (user) {
+        if (user->scopes) {
+          _grantedScopes = *user->scopes;
+        } else {
+          _grantedScopes.clear();
+        }
+      } else {
+        _grantedScopes.clear();
+      }
     }
+    // Always resolve - no session is not an error, just means user is logged out
     notifyAuthStateChanged();
     promise->resolve();
   });
   
-  silentPromise->addOnRejectedListener([promise](const std::exception_ptr& error) {
-    promise->reject(error);
+  silentPromise->addOnRejectedListener([promise](const std::exception_ptr&) {
+    // Silently ignore errors during restore - user will be logged out
+    promise->resolve();
   });
   return promise;
 }
@@ -138,11 +109,18 @@ std::shared_ptr<Promise<void>> HybridAuth::login(AuthProvider provider, const st
     {
       std::lock_guard<std::mutex> lock(_mutex);
       _currentUser = user;
-      if (options && options->scopes) {
+      if (user.scopes && !user.scopes->empty()) {
+        _grantedScopes = *user.scopes;
+      } else if (options && options->scopes && !options->scopes->empty()) {
         _grantedScopes = *options->scopes;
+      } else {
+        _grantedScopes.clear();
+      }
+      if (_currentUser) {
+        _currentUser->scopes = _grantedScopes.empty()
+          ? std::nullopt
+          : std::make_optional(_grantedScopes);
       }
-      if (_currentUser) _currentUser->scopes = _grantedScopes;
-      saveToCache(_currentUser);
     }
     notifyAuthStateChanged();
     promise->resolve();
@@ -167,7 +145,6 @@ std::shared_ptr<Promise<void>> HybridAuth::requestScopes(const std::vector<std::
         }
       }
       if (_currentUser) _currentUser->scopes = _grantedScopes;
-      saveToCache(_currentUser);
     }
     notifyAuthStateChanged();
     promise->resolve();
@@ -192,7 +169,6 @@ std::shared_ptr<Promise<void>> HybridAuth::revokeScopes(const std::vector<std::s
     );
     if (_currentUser) {
       _currentUser->scopes = _grantedScopes;
-      saveToCache(_currentUser);
     }
   }
   notifyAuthStateChanged();
@@ -239,9 +215,18 @@ std::shared_ptr<Promise<AuthTokens>> HybridAuth::refreshToken() {
     {
       std::lock_guard<std::mutex> lock(_mutex);
       if (_currentUser) {
-        _currentUser->accessToken = tokens.accessToken;
-        _currentUser->idToken = tokens.idToken;
-        saveToCache(_currentUser);
+        if (tokens.accessToken.has_value()) {
+          _currentUser->accessToken = tokens.accessToken;
+        }
+        if (tokens.idToken.has_value()) {
+          _currentUser->idToken = tokens.idToken;
+        }
+        if (tokens.refreshToken.has_value()) {
+          _currentUser->refreshToken = tokens.refreshToken;
+        }
+        if (tokens.expirationTime.has_value()) {
+          _currentUser->expirationTime = tokens.expirationTime;
+        }
       }
     }
     notifyTokensRefreshed(tokens);
@@ -259,15 +244,6 @@ void HybridAuth::setLoggingEnabled(bool enabled) {
   sLoggingEnabled = enabled;
 }
 
-void HybridAuth::setStorageAdapter(const std::optional<std::shared_ptr<HybridAuthStorageAdapterSpec>>& adapter) {
-  std::lock_guard<std::mutex> lock(_mutex);
-  _storageAdapter = adapter.value_or(nullptr);
-  if (_storageAdapter) {
-    loadFromCache();
-    notifyAuthStateChanged();
-  }
-}
-
 void HybridAuth::notifyTokensRefreshed(const AuthTokens& tokens) {
   std::vector<std::function<void(const AuthTokens&)>> listeners;
   {

package/cpp/HybridAuth.hpp

@@ -31,11 +31,10 @@ public:
   std::function<void()> onAuthStateChanged(const std::function<void(const std::optional<AuthUser>&)>& callback) override;
   std::function<void()> onTokensRefreshed(const std::function<void(const AuthTokens&)>& callback) override;
   void setLoggingEnabled(bool enabled) override;
-  void setStorageAdapter(const std::optional<std::shared_ptr<HybridAuthStorageAdapterSpec>>& adapter) override;
+  // Note: setStorageAdapter is kept internally but not exposed in public API
+  // Storage is in-memory only by default
 
 private:
-  void loadFromCache();
-  void saveToCache(const std::optional<AuthUser>& user);
   void notifyAuthStateChanged();
   void notifyTokensRefreshed(const AuthTokens& tokens);
 
@@ -45,7 +44,6 @@ private:
   std::map<int, std::function<void(const std::optional<AuthUser>&)>> _listeners;
   int _nextListenerId = 0;
   
-  std::shared_ptr<HybridAuthStorageAdapterSpec> _storageAdapter;
   std::map<int, std::function<void(const AuthTokens&)>> _tokenListeners;
   int _nextTokenListenerId = 0;
   

package/ios/AuthAdapter.swift

@@ -7,6 +7,11 @@ import CommonCrypto
 
 @objc
 public class AuthAdapter: NSObject {
+  private static let defaultMicrosoftScopes = ["openid", "email", "profile", "offline_access", "User.Read"]
+  private static var inMemoryMicrosoftRefreshToken: String?
+  private static var inMemoryMicrosoftScopes: [String] = defaultMicrosoftScopes
+  private static var inMemoryGoogleServerAuthCode: String?
+
   @objc
   public static func login(provider: String, scopes: [String], loginHint: String?, useSheet: Bool, forceAccountPicker: Bool = false, tenant: String? = nil, prompt: String? = nil, completion: @escaping (NSDictionary?, String?) -> Void) {
     if provider == "google" {
@@ -258,9 +263,9 @@ public class AuthAdapter: NSObject {
         let expirationTime = Date().timeIntervalSince1970 * 1000 + expiresIn * 1000
         
         if !refreshToken.isEmpty {
-          KeychainStore.set(refreshToken, for: "nitro_auth_microsoft_refresh_token")
+          inMemoryMicrosoftRefreshToken = refreshToken
         }
-        UserDefaults.standard.set(scopes, forKey: "nitro_auth_microsoft_scopes")
+        inMemoryMicrosoftScopes = scopes.isEmpty ? defaultMicrosoftScopes : scopes
         
         let resultData: [String: Any] = [
           "provider": "microsoft",
@@ -313,6 +318,9 @@ public class AuthAdapter: NSObject {
       return
     }
     
+    let serverAuthCode = result?.serverAuthCode ?? ""
+    inMemoryGoogleServerAuthCode = serverAuthCode.isEmpty ? nil : serverAuthCode
+
     let data: [String: Any] = [
       "provider": "google",
       "email": user.profile?.email ?? "",
@@ -320,7 +328,7 @@ public class AuthAdapter: NSObject {
       "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
       "idToken": user.idToken?.tokenString ?? "",
       "accessToken": user.accessToken.tokenString,
-      "serverAuthCode": result?.serverAuthCode ?? "",
+      "serverAuthCode": serverAuthCode,
       "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000,
       "underlyingError": ""
     ]
@@ -353,12 +361,11 @@ public class AuthAdapter: NSObject {
       }
       return
     }
-    guard getStoredMicrosoftRefreshToken() != nil else {
+    guard inMemoryMicrosoftRefreshToken != nil else {
       completion(nil, "No user logged in")
       return
     }
-    let storedScopes = UserDefaults.standard.array(forKey: "nitro_auth_microsoft_scopes") as? [String] ?? ["openid", "email", "profile", "offline_access", "User.Read"]
-    let mergedScopes = Array(Set(storedScopes + scopes))
+    let mergedScopes = Array(Set(inMemoryMicrosoftScopes + scopes))
     loginMicrosoft(scopes: mergedScopes, loginHint: nil, tenant: nil, prompt: nil, completion: completion)
   }
 
@@ -399,7 +406,7 @@ public class AuthAdapter: NSObject {
             "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
             "idToken": user.idToken?.tokenString ?? "",
             "accessToken": user.accessToken.tokenString,
-            "serverAuthCode": "",
+            "serverAuthCode": inMemoryGoogleServerAuthCode ?? "",
             "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
           ]
           completion(data as NSDictionary)
@@ -413,7 +420,7 @@ public class AuthAdapter: NSObject {
   }
 
   private static func tryMicrosoftSilentRefresh(completion: @escaping (NSDictionary?) -> Void) {
-    guard let refreshToken = getStoredMicrosoftRefreshToken() else {
+    guard let refreshToken = inMemoryMicrosoftRefreshToken else {
       completion(nil)
       return
     }
@@ -459,7 +466,7 @@ public class AuthAdapter: NSObject {
         let expirationTime = Date().timeIntervalSince1970 * 1000 + expiresIn * 1000
         
         if !newRefreshToken.isEmpty {
-          KeychainStore.set(newRefreshToken, for: "nitro_auth_microsoft_refresh_token")
+          inMemoryMicrosoftRefreshToken = newRefreshToken
         }
         
         let resultData: [String: Any] = [
@@ -478,7 +485,7 @@ public class AuthAdapter: NSObject {
   }
 
   private static func tryMicrosoftRefreshForTokenRefresh(completion: @escaping (NSDictionary?, String?) -> Void) {
-    guard let refreshToken = getStoredMicrosoftRefreshToken() else {
+    guard let refreshToken = inMemoryMicrosoftRefreshToken else {
       completion(nil, "No user logged in")
       return
     }
@@ -523,7 +530,7 @@ public class AuthAdapter: NSObject {
         let expiresIn = json["expires_in"] as? Double ?? 0
         let expirationTime = Date().timeIntervalSince1970 * 1000 + expiresIn * 1000
         if !newRefreshToken.isEmpty {
-          KeychainStore.set(newRefreshToken, for: "nitro_auth_microsoft_refresh_token")
+          inMemoryMicrosoftRefreshToken = newRefreshToken
         }
         let tokensData: [String: Any] = [
           "accessToken": accessToken,
@@ -551,20 +558,9 @@ public class AuthAdapter: NSObject {
   @objc
   public static func logout() {
     GIDSignIn.sharedInstance.signOut()
-    KeychainStore.remove("nitro_auth_microsoft_refresh_token")
-    UserDefaults.standard.removeObject(forKey: "nitro_auth_microsoft_scopes")
-  }
-
-  private static func getStoredMicrosoftRefreshToken() -> String? {
-    if let token = KeychainStore.get("nitro_auth_microsoft_refresh_token") {
-      return token
-    }
-    if let legacy = UserDefaults.standard.string(forKey: "nitro_auth_microsoft_refresh_token") {
-      KeychainStore.set(legacy, for: "nitro_auth_microsoft_refresh_token")
-      UserDefaults.standard.removeObject(forKey: "nitro_auth_microsoft_refresh_token")
-      return legacy
-    }
-    return nil
+    inMemoryMicrosoftRefreshToken = nil
+    inMemoryMicrosoftScopes = defaultMicrosoftScopes
+    inMemoryGoogleServerAuthCode = nil
   }
 }