react-native-nitro-auth 0.5.1 → 0.5.4

package/android/build.gradle

@@ -93,7 +93,7 @@ dependencies {
   implementation project(":react-native-nitro-modules")
   
   // Google Sign-In SDK (full scope support)
-  implementation "com.google.android.gms:play-services-auth:21.2.0"
+  implementation "com.google.android.gms:play-services-auth:21.5.1"
   
   // Activity result APIs
   implementation "androidx.activity:activity-ktx:1.9.3"
@@ -104,8 +104,5 @@ dependencies {
   // Google Credential Manager (One-Tap / Passkeys)
   implementation "androidx.credentials:credentials:1.5.0"
   implementation "androidx.credentials:credentials-play-services-auth:1.5.0"
-  implementation "com.google.android.libraries.identity.googleid:googleid:1.1.1"
-
-  // Secure storage (EncryptedSharedPreferences)
-  implementation "androidx.security:security-crypto:1.0.0"
+  implementation "com.google.android.libraries.identity.googleid:googleid:1.2.0"
 }

package/android/src/main/cpp/PlatformAuth+Android.cpp

@@ -6,6 +6,8 @@
 #include <fbjni/fbjni.h>
 #include <NitroModules/NitroLogger.hpp>
 #include <NitroModules/Promise.hpp>
+#include <exception>
+#include <stdexcept>
 
 namespace margelo::nitro::NitroAuth {
 
@@ -24,6 +26,33 @@ static std::shared_ptr<Promise<AuthUser>> gScopesPromise;
 static std::shared_ptr<Promise<AuthTokens>> gRefreshPromise;
 static std::shared_ptr<Promise<std::optional<AuthUser>>> gSilentPromise;
 static std::mutex gMutex;
+static jclass gAuthAdapterClass = nullptr;
+static jmethodID gLoginMethod = nullptr;
+static jmethodID gRequestScopesMethod = nullptr;
+
+static void ensureAuthAdapterMethods(JNIEnv* env) {
+    if (gAuthAdapterClass != nullptr && gLoginMethod != nullptr && gRequestScopesMethod != nullptr) {
+        return;
+    }
+
+    jclass localAdapterClass = env->FindClass("com/auth/AuthAdapter");
+    if (localAdapterClass == nullptr) {
+        throw std::runtime_error("Unable to resolve com/auth/AuthAdapter");
+    }
+    gAuthAdapterClass = static_cast<jclass>(env->NewGlobalRef(localAdapterClass));
+    env->DeleteLocalRef(localAdapterClass);
+
+    gLoginMethod = env->GetStaticMethodID(
+        gAuthAdapterClass,
+        "loginSync",
+        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZZLjava/lang/String;Ljava/lang/String;)V"
+    );
+    gRequestScopesMethod = env->GetStaticMethodID(
+        gAuthAdapterClass,
+        "requestScopesSync",
+        "(Landroid/content/Context;[Ljava/lang/String;)V"
+    );
+}
 
 std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, const std::optional<LoginOptions>& options) {
     auto promise = Promise<AuthUser>::create();
@@ -35,6 +64,9 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gLoginPromise) {
+            gLoginPromise->reject(std::make_exception_ptr(std::runtime_error("Login request superseded by a newer request")));
+        }
         gLoginPromise = promise;
     }
     
@@ -71,30 +103,47 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     }
 
     JNIEnv* env = Environment::current();
+    try {
+        ensureAuthAdapterMethods(env);
+    } catch (...) {
+        promise->reject(std::current_exception());
+        return promise;
+    }
     jclass stringClass = env->FindClass("java/lang/String");
     jobjectArray jScopes = env->NewObjectArray(scopes.size(), stringClass, nullptr);
     for (size_t i = 0; i < scopes.size(); i++) {
         env->SetObjectArrayElement(jScopes, i, make_jstring(scopes[i]).get());
     }
     
-    jstring jLoginHint = loginHint.has_value() ? make_jstring(loginHint.value()).get() : nullptr;
-    jstring jTenant = tenant.has_value() ? make_jstring(tenant.value()).get() : nullptr;
-    jstring jPrompt = prompt.has_value() ? make_jstring(prompt.value()).get() : nullptr;
-    
-    jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
-    jmethodID loginMethod = env->GetStaticMethodID(adapterClass, "loginSync", 
-        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZZLjava/lang/String;Ljava/lang/String;)V");
-    env->CallStaticVoidMethod(adapterClass, loginMethod, 
+    local_ref<JString> providerRef = make_jstring(providerStr);
+    local_ref<JString> loginHintRef;
+    local_ref<JString> tenantRef;
+    local_ref<JString> promptRef;
+
+    if (loginHint.has_value()) {
+        loginHintRef = make_jstring(loginHint.value());
+    }
+    if (tenant.has_value()) {
+        tenantRef = make_jstring(tenant.value());
+    }
+    if (prompt.has_value()) {
+        promptRef = make_jstring(prompt.value());
+    }
+
+    env->CallStaticVoidMethod(gAuthAdapterClass, gLoginMethod, 
         contextPtr, 
-        make_jstring(providerStr).get(),
+        providerRef.get(),
         nullptr,
         jScopes,
-        jLoginHint,
+        loginHintRef.get(),
         (jboolean)useOneTap,
         (jboolean)forceAccountPicker,
         (jboolean)useLegacyGoogleSignIn,
-        jTenant,
-        jPrompt);
+        tenantRef.get(),
+        promptRef.get());
+
+    env->DeleteLocalRef(jScopes);
+    env->DeleteLocalRef(stringClass);
     
     return promise;
 }
@@ -109,20 +158,28 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::requestScopes(const std::vector
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gScopesPromise) {
+            gScopesPromise->reject(std::make_exception_ptr(std::runtime_error("Scope request superseded by a newer request")));
+        }
         gScopesPromise = promise;
     }
     
     JNIEnv* env = Environment::current();
+    try {
+        ensureAuthAdapterMethods(env);
+    } catch (...) {
+        promise->reject(std::current_exception());
+        return promise;
+    }
     jclass stringClass = env->FindClass("java/lang/String");
     jobjectArray jScopes = env->NewObjectArray(scopes.size(), stringClass, nullptr);
     for (size_t i = 0; i < scopes.size(); i++) {
         env->SetObjectArrayElement(jScopes, i, make_jstring(scopes[i]).get());
     }
     
-    jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
-    jmethodID requestMethod = env->GetStaticMethodID(adapterClass, "requestScopesSync", 
-        "(Landroid/content/Context;[Ljava/lang/String;)V");
-    env->CallStaticVoidMethod(adapterClass, requestMethod, contextPtr, jScopes);
+    env->CallStaticVoidMethod(gAuthAdapterClass, gRequestScopesMethod, contextPtr, jScopes);
+    env->DeleteLocalRef(jScopes);
+    env->DeleteLocalRef(stringClass);
     return promise;
 }
 
@@ -136,6 +193,9 @@ std::shared_ptr<Promise<AuthTokens>> PlatformAuth::refreshToken() {
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gRefreshPromise) {
+            gRefreshPromise->reject(std::make_exception_ptr(std::runtime_error("Refresh request superseded by a newer request")));
+        }
         gRefreshPromise = promise;
     }
     
@@ -155,6 +215,9 @@ std::shared_ptr<Promise<std::optional<AuthUser>>> PlatformAuth::silentRestore()
 
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gSilentPromise) {
+            gSilentPromise->reject(std::make_exception_ptr(std::runtime_error("Silent restore superseded by a newer request")));
+        }
         gSilentPromise = promise;
     }
 
@@ -182,8 +245,8 @@ void PlatformAuth::logout() {
     logoutMethod(JAuthAdapter::javaClassStatic(), static_ref_cast<JContext>(jContext));
 }
 
-extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeInitialize(JNIEnv* env, jclass, jobject context) {
-    AuthCache::setAndroidContext(env->NewGlobalRef(context));
+extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeInitialize(JNIEnv*, jclass, jobject context) {
+    AuthCache::setAndroidContext(context);
 }
 
 extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess(
@@ -253,6 +316,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess
             const char* s = env->GetStringUTFChars(jstr, nullptr);
             scopeVec.push_back(std::string(s));
             env->ReleaseStringUTFChars(jstr, s);
+            env->DeleteLocalRef(jstr);
         }
         user.scopes = scopeVec;
     }
@@ -260,6 +324,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess
         jclass longClass = env->FindClass("java/lang/Long");
         jmethodID longValueMethod = env->GetMethodID(longClass, "longValue", "()J");
         user.expirationTime = (double)env->CallLongMethod(expirationTime, longValueMethod);
+        env->DeleteLocalRef(longClass);
     }
     
     if (loginPromise) loginPromise->resolve(user);
@@ -328,6 +393,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshSucce
             jclass longClass = env->FindClass("java/lang/Long");
             jmethodID longValueMethod = env->GetMethodID(longClass, "longValue", "()J");
             tokens.expirationTime = (double)env->CallLongMethod(expirationTime, longValueMethod);
+            env->DeleteLocalRef(longClass);
         }
         refreshPromise->resolve(tokens);
     }

package/android/src/main/java/com/auth/AuthAdapter.kt

@@ -3,9 +3,7 @@
 package com.auth
 
 import android.content.Context
-import android.content.SharedPreferences
 import android.os.Bundle
-import android.os.Build
 import android.util.Log
 import com.google.android.gms.auth.api.signin.GoogleSignIn
 import com.google.android.gms.auth.api.signin.GoogleSignInAccount
@@ -27,21 +25,20 @@ import android.app.Application
 import android.content.Intent
 import android.net.Uri
 import androidx.browser.customtabs.CustomTabsIntent
-import androidx.security.crypto.EncryptedSharedPreferences
-import androidx.security.crypto.MasterKeys
 import java.util.UUID
-import org.json.JSONArray
 import org.json.JSONObject
 import android.util.Base64
 
 object AuthAdapter {
     private const val TAG = "AuthAdapter"
-    private const val PREF_NAME = "nitro_auth"
-    private const val SECURE_PREF_NAME = "nitro_auth_secure"
     
+    @Volatile
+    private var isInitialized = false
+
     private var appContext: Context? = null
     private var currentActivity: Activity? = null
     private var googleSignInClient: GoogleSignInClient? = null
+    private var lifecycleCallbacks: Application.ActivityLifecycleCallbacks? = null
     private var pendingScopes: List<String> = emptyList()
     private var pendingMicrosoftScopes: List<String> = emptyList()
     
@@ -51,47 +48,10 @@ object AuthAdapter {
     private var pendingMicrosoftTenant: String? = null
     private var pendingMicrosoftClientId: String? = null
     private var pendingMicrosoftB2cDomain: String? = null
-
-    private fun getPrefs(context: Context): SharedPreferences {
-        return try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                val masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
-                val securePrefs = EncryptedSharedPreferences.create(
-                    SECURE_PREF_NAME,
-                    masterKeyAlias,
-                    context,
-                    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-                    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
-                )
-                migrateLegacyPrefsIfNeeded(context, securePrefs)
-                securePrefs
-            } else {
-                context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-            }
-        } catch (e: Exception) {
-            Log.w(TAG, "Failed to initialize encrypted storage, falling back to SharedPreferences", e)
-            context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-        }
-    }
-
-    private fun migrateLegacyPrefsIfNeeded(context: Context, securePrefs: SharedPreferences) {
-        val legacyPrefs = context.getSharedPreferences(PREF_NAME, Context.MODE_PRIVATE)
-        if (legacyPrefs.all.isEmpty() || securePrefs.all.isNotEmpty()) {
-            return
-        }
-        val editor = securePrefs.edit()
-        for ((key, value) in legacyPrefs.all) {
-            when (value) {
-                is String -> editor.putString(key, value)
-                is Boolean -> editor.putBoolean(key, value)
-                is Int -> editor.putInt(key, value)
-                is Long -> editor.putLong(key, value)
-                is Float -> editor.putFloat(key, value)
-            }
-        }
-        editor.apply()
-        legacyPrefs.edit().clear().apply()
-    }
+    
+    private var inMemoryMicrosoftRefreshToken: String? = null
+    private var inMemoryMicrosoftScopes: List<String> =
+        listOf("openid", "email", "profile", "offline_access", "User.Read")
 
     @JvmStatic
     private external fun nativeInitialize(context: Context)
@@ -118,34 +78,43 @@ object AuthAdapter {
     @JvmStatic
     private external fun nativeOnRefreshError(error: String, underlyingError: String?)
 
+    @Synchronized
     fun initialize(context: Context) {
-        val app = context.applicationContext as? Application
-        appContext = app
-        
-        app?.registerActivityLifecycleCallbacks(object : Application.ActivityLifecycleCallbacks {
-            override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) { currentActivity = activity }
-            override fun onActivityStarted(activity: Activity) { currentActivity = activity }
-            override fun onActivityResumed(activity: Activity) { currentActivity = activity }
-            override fun onActivityPaused(activity: Activity) { if (currentActivity == activity) currentActivity = null }
-            override fun onActivityStopped(activity: Activity) { if (currentActivity == activity) currentActivity = null }
-            override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
-            override fun onActivityDestroyed(activity: Activity) { if (currentActivity == activity) currentActivity = null }
-        })
+        if (isInitialized) {
+            return
+        }
+
+        val applicationContext = context.applicationContext
+        appContext = applicationContext
+
+        val app = applicationContext as? Application
+        if (app != null && lifecycleCallbacks == null) {
+            lifecycleCallbacks = object : Application.ActivityLifecycleCallbacks {
+                override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) { currentActivity = activity }
+                override fun onActivityStarted(activity: Activity) { currentActivity = activity }
+                override fun onActivityResumed(activity: Activity) { currentActivity = activity }
+                override fun onActivityPaused(activity: Activity) { if (currentActivity == activity) currentActivity = null }
+                override fun onActivityStopped(activity: Activity) { if (currentActivity == activity) currentActivity = null }
+                override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {}
+                override fun onActivityDestroyed(activity: Activity) { if (currentActivity == activity) currentActivity = null }
+            }
+            app.registerActivityLifecycleCallbacks(lifecycleCallbacks)
+        }
 
         try {
             System.loadLibrary("NitroAuth")
-            nativeInitialize(appContext!!)
+            nativeInitialize(applicationContext)
+            isInitialized = true
         } catch (e: Exception) {
             Log.e(TAG, "Failed to load NitroAuth library", e)
         }
     }
 
     fun onSignInSuccess(account: GoogleSignInAccount, scopes: List<String>) {
-        val ctx = appContext ?: return
-        saveUser(ctx, "google", account.email, account.displayName,
-                 account.photoUrl?.toString(), account.idToken, account.serverAuthCode, scopes)
+        appContext ?: return
+        val expirationTime = getJwtExpirationTimeMs(account.idToken)
         nativeOnLoginSuccess("google", account.email, account.displayName,
-                            account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode, scopes.toTypedArray(), null)
+                            account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode, scopes.toTypedArray(), expirationTime)
     }
 
     fun onSignInError(errorCode: Int, message: String?) {
@@ -393,12 +362,11 @@ object AuthAdapter {
             val email = claims["preferred_username"] ?: claims["email"]
             val name = claims["name"]
 
-            val ctx = appContext
-            if (ctx != null) {
-                saveUser(ctx, "microsoft", email, name, null, idToken, refreshToken, pendingMicrosoftScopes)
-                if (refreshToken.isNotEmpty()) {
-                    saveMicrosoftRefreshToken(ctx, refreshToken)
-                }
+            if (refreshToken.isNotEmpty()) {
+                inMemoryMicrosoftRefreshToken = refreshToken
+            }
+            inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                listOf("openid", "email", "profile", "offline_access", "User.Read")
             }
 
             clearPkceState()
@@ -419,14 +387,12 @@ object AuthAdapter {
         }
     }
 
-    private fun saveMicrosoftRefreshToken(context: Context, refreshToken: String) {
-        val prefs = getPrefs(context)
-        prefs.edit().putString("microsoft_refresh_token", refreshToken).apply()
+    private fun saveMicrosoftRefreshToken(refreshToken: String) {
+        inMemoryMicrosoftRefreshToken = refreshToken
     }
 
-    private fun getMicrosoftRefreshToken(context: Context): String? {
-        val prefs = getPrefs(context)
-        return prefs.getString("microsoft_refresh_token", null)
+    private fun getMicrosoftRefreshToken(): String? {
+        return inMemoryMicrosoftRefreshToken
     }
 
     private fun clearPkceState() {
@@ -455,6 +421,15 @@ object AuthAdapter {
         }
     }
 
+    private fun getJwtExpirationTimeMs(idToken: String?): Long? {
+        if (idToken.isNullOrEmpty()) {
+            return null
+        }
+
+        val expSeconds = decodeJwt(idToken)["exp"]?.toLongOrNull() ?: return null
+        return expSeconds * 1000
+    }
+
     private fun getMicrosoftClientIdFromResources(context: Context): String? {
         val resId = context.resources.getIdentifier("nitro_auth_microsoft_client_id", "string", context.packageName)
         return if (resId != 0) context.getString(resId) else null
@@ -553,6 +528,7 @@ object AuthAdapter {
         }
 
         if (googleIdTokenCredential != null) {
+            val expirationTime = getJwtExpirationTimeMs(googleIdTokenCredential.idToken)
             nativeOnLoginSuccess(
                 "google",
                 googleIdTokenCredential.id,
@@ -562,7 +538,7 @@ object AuthAdapter {
                 null,
                 null,
                 scopes.toTypedArray(),
-                null
+                expirationTime
             )
         } else {
             Log.w(TAG, "Unsupported credential type: ${credential.type}")
@@ -590,12 +566,8 @@ object AuthAdapter {
             ctx.startActivity(intent)
             return
         }
-        val userJson = getUserJson(ctx)
-        if (userJson != null && userJson.contains("\"provider\":\"microsoft\"")) {
-            val currentScopes = extractScopesFromUserJson(userJson)
-            val defaultMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
-            val existing = if (currentScopes.isEmpty()) defaultMicrosoftScopes else currentScopes
-            val mergedScopes = (existing + scopes.toList()).distinct()
+        if (inMemoryMicrosoftRefreshToken != null) {
+            val mergedScopes = (inMemoryMicrosoftScopes + scopes.toList()).distinct()
             val tenant = getMicrosoftTenantFromResources(ctx)
             loginMicrosoft(ctx, mergedScopes.toTypedArray(), null, tenant, null)
             return
@@ -624,20 +596,21 @@ object AuthAdapter {
             googleSignInClient!!.silentSignIn().addOnCompleteListener { task ->
                 if (task.isSuccessful) {
                     val acc = task.result
-                    nativeOnRefreshSuccess(acc?.idToken, null, null)
+                    nativeOnRefreshSuccess(
+                        acc?.idToken,
+                        null,
+                        getJwtExpirationTimeMs(acc?.idToken),
+                    )
                 } else {
                     nativeOnRefreshError("network_error", task.exception?.message ?: "Silent sign-in failed")
                 }
             }
             return
         }
-        val userJson = getUserJson(ctx)
-        if (userJson != null && userJson.contains("\"provider\":\"microsoft\"")) {
-            val refreshToken = getMicrosoftRefreshToken(ctx)
-            if (refreshToken != null) {
-                refreshMicrosoftTokenForRefresh(ctx, refreshToken)
-                return
-            }
+        val refreshToken = getMicrosoftRefreshToken()
+        if (refreshToken != null) {
+            refreshMicrosoftTokenForRefresh(ctx, refreshToken)
+            return
         }
         nativeOnRefreshError("unknown", "No user logged in")
     }
@@ -662,7 +635,8 @@ object AuthAdapter {
                 .build()
             GoogleSignIn.getClient(ctx, gso).signOut()
         }
-        clearUser(ctx)
+        inMemoryMicrosoftRefreshToken = null
+        inMemoryMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
     }
 
     @JvmStatic
@@ -677,7 +651,8 @@ object AuthAdapter {
                 .build()
             GoogleSignIn.getClient(ctx, gso).revokeAccess()
         }
-        clearUser(ctx)
+        inMemoryMicrosoftRefreshToken = null
+        inMemoryMicrosoftScopes = listOf("openid", "email", "profile", "offline_access", "User.Read")
     }
 
     private fun getClientIdFromResources(context: Context): String? {
@@ -685,66 +660,19 @@ object AuthAdapter {
         return if (resId != 0) context.getString(resId) else null
     }
 
-    @JvmStatic
-    fun getUserJson(context: Context): String? {
-        val pref = getPrefs(context)
-        return pref.getString("user_json", null)
-    }
-
-    @JvmStatic
-    fun setUserJson(context: Context, json: String) {
-        val pref = getPrefs(context)
-        pref.edit().putString("user_json", json).apply()
-    }
-
-    @JvmStatic
-    fun clearUser(context: Context) {
-        val pref = getPrefs(context)
-        pref.edit().clear().apply()
-    }
-
     @JvmStatic
     fun restoreSession(context: Context) {
         val ctx = context.applicationContext ?: appContext ?: context
         val account = GoogleSignIn.getLastSignedInAccount(ctx)
         if (account != null) {
+            val expirationTime = getJwtExpirationTimeMs(account.idToken)
             nativeOnLoginSuccess("google", account.email, account.displayName,
                                 account.photoUrl?.toString(), account.idToken, null, account.serverAuthCode,
-                                account.grantedScopes?.map { it.scopeUri }?.toTypedArray(), null)
+                                account.grantedScopes?.map { it.scopeUri }?.toTypedArray(), expirationTime)
         } else {
-            val json = getUserJson(ctx)
-            if (json != null) {
-                val provider = try {
-                    val parsed = JSONObject(json)
-                    parsed.optString("provider")
-                } catch (_: Exception) {
-                    ""
-                }
-                val effectiveProvider = when (provider) {
-                    "google" -> "google"
-                    "microsoft" -> "microsoft"
-                    "apple" -> "apple"
-                    else -> "apple"
-                }
-                
-                if (effectiveProvider == "microsoft") {
-                    val refreshToken = getMicrosoftRefreshToken(ctx)
-                    if (refreshToken != null) {
-                        refreshMicrosoftToken(ctx, refreshToken)
-                    } else {
-                        val email = extractJsonValue(json, "email")
-                        val name = extractJsonValue(json, "name")
-                        val idToken = extractJsonValue(json, "idToken")
-                        nativeOnLoginSuccess(effectiveProvider, email, name, null, idToken, null, null, null, null)
-                    }
-                } else {
-                    val email = extractJsonValue(json, "email")
-                    val name = extractJsonValue(json, "name")
-                    val photo = extractJsonValue(json, "photo")
-                    val idToken = extractJsonValue(json, "idToken")
-                    val serverAuthCode = extractJsonValue(json, "serverAuthCode")
-                    nativeOnLoginSuccess(effectiveProvider, email, name, photo, idToken, null, serverAuthCode, null, null)
-                }
+            val refreshToken = getMicrosoftRefreshToken()
+            if (refreshToken != null) {
+                refreshMicrosoftToken(ctx, refreshToken)
             } else {
                 nativeOnLoginError("unknown", "No session")
             }
@@ -801,9 +729,11 @@ object AuthAdapter {
                         val name = claims["name"]
 
                         if (newRefreshToken.isNotEmpty()) {
-                            saveMicrosoftRefreshToken(context, newRefreshToken)
+                            saveMicrosoftRefreshToken(newRefreshToken)
+                        }
+                        inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                            listOf("openid", "email", "profile", "offline_access", "User.Read")
                         }
-                        saveUser(context, "microsoft", email, name, null, newIdToken, newRefreshToken, null)
 
                         nativeOnLoginSuccess("microsoft", email, name, null, newIdToken, newAccessToken, null, null, expirationTime)
                     } else {
@@ -859,9 +789,11 @@ object AuthAdapter {
                         val email = claims["preferred_username"] ?: claims["email"]
                         val name = claims["name"]
                         if (newRefreshToken.isNotEmpty()) {
-                            saveMicrosoftRefreshToken(context, newRefreshToken)
+                            saveMicrosoftRefreshToken(newRefreshToken)
+                        }
+                        inMemoryMicrosoftScopes = pendingMicrosoftScopes.ifEmpty {
+                            listOf("openid", "email", "profile", "offline_access", "User.Read")
                         }
-                        saveUser(context, "microsoft", email, name, null, newIdToken, newRefreshToken, null)
                         nativeOnRefreshSuccess(
                             newIdToken.ifEmpty { null },
                             newAccessToken.ifEmpty { null },
@@ -879,36 +811,4 @@ object AuthAdapter {
         }
     }
 
-    private fun extractJsonValue(json: String, key: String): String? {
-        return try {
-            val value = JSONObject(json).optString(key, "")
-            if (value.isEmpty()) null else value
-        } catch (_: Exception) {
-            null
-        }
-    }
-
-    private fun extractScopesFromUserJson(json: String): List<String> {
-        return try {
-            val jsonObj = JSONObject(json)
-            val arr = jsonObj.optJSONArray("scopes") ?: return emptyList()
-            (0 until arr.length()).mapNotNull { i -> arr.optString(i).takeIf { it.isNotEmpty() } }
-        } catch (_: Exception) {
-            emptyList()
-        }
-    }
-
-    private fun saveUser(context: Context, provider: String, email: String?, name: String?, 
-                          photo: String?, idToken: String?, serverAuthCode: String?, scopes: List<String>?) {
-        val pref = getPrefs(context)
-        val json = JSONObject()
-        json.put("provider", provider)
-        if (email != null) json.put("email", email)
-        if (name != null) json.put("name", name)
-        if (photo != null) json.put("photo", photo)
-        if (idToken != null) json.put("idToken", idToken)
-        if (serverAuthCode != null) json.put("serverAuthCode", serverAuthCode)
-        if (scopes != null) json.put("scopes", JSONArray(scopes))
-        pref.edit().putString("user_json", json.toString()).apply()
-    }
 }

package/android/src/main/java/com/auth/NitroAuthPackage.kt

@@ -1,4 +1,4 @@
-@file:Suppress("DEPRECATION")
+@file:Suppress("DEPRECATION", "OVERRIDE_DEPRECATION")
 
 package com.auth
 

package/app.plugin.js

@@ -6,7 +6,6 @@ const {
   AndroidConfig,
   createRunOncePlugin,
 } = require("@expo/config-plugins");
-
 const pkg = require("./package.json");
 
 const withNitroAuth = (config, props = {}) => {
@@ -157,9 +156,7 @@ const withNitroAuth = (config, props = {}) => {
           ],
         };
         const existingMsalActivity = application.activity.find(
-          (a) =>
-            a.$?.["android:name"] ===
-            "com.auth.MicrosoftAuthActivity",
+          (a) => a.$?.["android:name"] === "com.auth.MicrosoftAuthActivity",
         );
         if (!existingMsalActivity) {
           application.activity.push(msalActivity);
@@ -172,8 +169,4 @@ const withNitroAuth = (config, props = {}) => {
   return config;
 };
 
-module.exports = createRunOncePlugin(
-  withNitroAuth,
-  pkg.name,
-  pkg.version,
-);
+module.exports = createRunOncePlugin(withNitroAuth, pkg.name, pkg.version);