react-native-nitro-auth 0.5.12 → 0.6.0

package/cpp/HybridAuth.cpp

@@ -3,9 +3,14 @@
 #include <algorithm>
 #include <chrono>
 #include <exception>
+#include <iostream>
 #include <stdexcept>
 #include <unordered_set>
 
+#if defined(__ANDROID__)
+#include <android/log.h>
+#endif
+
 namespace margelo::nitro::NitroAuth {
 
 namespace {
@@ -20,6 +25,32 @@ void rejectIfPending(const std::shared_ptr<Promise<AuthTokens>>& promise, const
   }
 }
 
+void rejectIfPending(const std::shared_ptr<Promise<void>>& promise, const char* message) {
+  if (promise && promise->isPending()) {
+    promise->reject(makeAuthError(message));
+  }
+}
+
+void resolveIfPending(const std::shared_ptr<Promise<void>>& promise) {
+  if (promise && promise->isPending()) {
+    promise->resolve();
+  }
+}
+
+void rejectPendingSessionPromises(const std::vector<std::shared_ptr<Promise<void>>>& promises, const char* message) {
+  for (const auto& promise : promises) {
+    rejectIfPending(promise, message);
+  }
+}
+
+void writeNativeLog(const std::string& message) {
+#if defined(__ANDROID__)
+  __android_log_print(ANDROID_LOG_DEBUG, "NitroAuth", "%s", message.c_str());
+#else
+  std::clog << "[NitroAuth] " << message << std::endl;
+#endif
+}
+
 void mergeGrantedScopes(std::vector<std::string>& grantedScopes, const std::vector<std::string>& scopes) {
   std::unordered_set<std::string> knownScopes(grantedScopes.begin(), grantedScopes.end());
   grantedScopes.reserve(grantedScopes.size() + scopes.size());
@@ -130,25 +161,65 @@ std::shared_ptr<Promise<AuthTokens>> HybridAuth::advanceSessionGenerationLocked(
   return refreshInFlight;
 }
 
+void HybridAuth::trackSessionPromiseLocked(const std::shared_ptr<Promise<void>>& promise) {
+  _sessionPromises.erase(
+    std::remove_if(_sessionPromises.begin(), _sessionPromises.end(), [](const std::weak_ptr<Promise<void>>& weak) {
+      auto promise = weak.lock();
+      return !promise || !promise->isPending();
+    }),
+    _sessionPromises.end()
+  );
+  _sessionPromises.push_back(promise);
+}
+
+std::vector<std::shared_ptr<Promise<void>>> HybridAuth::takePendingSessionPromisesLocked() {
+  std::vector<std::shared_ptr<Promise<void>>> pending;
+  for (const auto& weak : _sessionPromises) {
+    auto promise = weak.lock();
+    if (promise && promise->isPending()) {
+      pending.push_back(promise);
+    }
+  }
+  _sessionPromises.clear();
+  return pending;
+}
+
+void HybridAuth::log(const std::string& message) {
+  bool enabled;
+  {
+    std::lock_guard<std::recursive_mutex> lock(_mutex);
+    enabled = _loggingEnabled;
+  }
+  if (enabled) {
+    writeNativeLog(message);
+  }
+}
+
 void HybridAuth::logout() {
+  log("logout");
   std::shared_ptr<Promise<AuthTokens>> refreshInFlight;
+  std::vector<std::shared_ptr<Promise<void>>> sessionPromises;
   {
     std::lock_guard<std::recursive_mutex> lock(_mutex);
+    sessionPromises = takePendingSessionPromisesLocked();
     refreshInFlight = advanceSessionGenerationLocked();
     _currentUser = std::nullopt;
     _grantedScopes.clear();
   }
   rejectIfPending(refreshInFlight, "not_signed_in");
+  rejectPendingSessionPromises(sessionPromises, "cancelled");
   PlatformAuth::logout();
   notifyAuthStateChanged();
 }
 
 std::shared_ptr<Promise<void>> HybridAuth::silentRestore() {
+  log("silentRestore start");
   auto promise = Promise<void>::create();
   uint64_t generation;
   {
     std::lock_guard<std::recursive_mutex> lock(_mutex);
     generation = _sessionGeneration;
+    trackSessionPromiseLocked(promise);
   }
   auto silentPromise = PlatformAuth::silentRestore();
   auto self = shared_from_this();
@@ -162,7 +233,8 @@ std::shared_ptr<Promise<void>> HybridAuth::silentRestore() {
     {
       std::lock_guard<std::recursive_mutex> lock(auth->_mutex);
       if (auth->_sessionGeneration != generation) {
-        promise->resolve();
+        auth->log("silentRestore cancelled");
+        resolveIfPending(promise);
         return;
       }
       refreshInFlight = auth->advanceSessionGenerationLocked();
@@ -178,42 +250,51 @@ std::shared_ptr<Promise<void>> HybridAuth::silentRestore() {
       }
     }
     rejectIfPending(refreshInFlight, "cancelled");
-    // Always resolve - no session is not an error, just means user is logged out
     auth->notifyAuthStateChanged();
-    promise->resolve();
+    auth->log(user ? "silentRestore resolved with session" : "silentRestore resolved without session");
+    resolveIfPending(promise);
   });
   
-  silentPromise->addOnRejectedListener([promise](const std::exception_ptr&) {
-    // Silently ignore errors during restore - user will be logged out
-    promise->resolve();
+  silentPromise->addOnRejectedListener([self, promise](const std::exception_ptr&) {
+    auto* auth = dynamic_cast<HybridAuth*>(self.get());
+    if (auth) {
+      auth->log("silentRestore rejected");
+    }
+    resolveIfPending(promise);
   });
   return promise;
 }
 
 std::shared_ptr<Promise<void>> HybridAuth::login(AuthProvider provider, const std::optional<LoginOptions>& options) {
+  log("login start");
   auto promise = Promise<void>::create();
   uint64_t generation;
   std::shared_ptr<Promise<AuthTokens>> refreshInFlight;
+  std::vector<std::shared_ptr<Promise<void>>> sessionPromises;
   {
     std::lock_guard<std::recursive_mutex> lock(_mutex);
+    sessionPromises = takePendingSessionPromisesLocked();
     refreshInFlight = advanceSessionGenerationLocked();
     generation = _sessionGeneration;
+    trackSessionPromiseLocked(promise);
   }
   rejectIfPending(refreshInFlight, "cancelled");
+  rejectPendingSessionPromises(sessionPromises, "cancelled");
   
   auto self = shared_from_this();
   auto loginPromise = PlatformAuth::login(provider, options);
   loginPromise->addOnResolvedListener([self, promise, options, generation](const AuthUser& user) {
     auto* auth = dynamic_cast<HybridAuth*>(self.get());
     if (!auth) {
-      promise->reject(makeAuthError("internal_error"));
+      rejectIfPending(promise, "internal_error");
       return;
     }
     std::shared_ptr<Promise<AuthTokens>> refreshInFlight;
     {
       std::lock_guard<std::recursive_mutex> lock(auth->_mutex);
       if (auth->_sessionGeneration != generation) {
-        promise->reject(makeAuthError("cancelled"));
+        auth->log("login cancelled");
+        rejectIfPending(promise, "cancelled");
         return;
       }
       refreshInFlight = auth->advanceSessionGenerationLocked();
@@ -233,34 +314,44 @@ std::shared_ptr<Promise<void>> HybridAuth::login(AuthProvider provider, const st
     }
     rejectIfPending(refreshInFlight, "cancelled");
     auth->notifyAuthStateChanged();
-    promise->resolve();
+    auth->log("login resolved");
+    resolveIfPending(promise);
   });
   
-  loginPromise->addOnRejectedListener([promise](const std::exception_ptr& error) {
-    promise->reject(error);
+  loginPromise->addOnRejectedListener([self, promise](const std::exception_ptr& error) {
+    auto* auth = dynamic_cast<HybridAuth*>(self.get());
+    if (auth) {
+      auth->log("login rejected");
+    }
+    if (promise->isPending()) {
+      promise->reject(error);
+    }
   });
   return promise;
 }
 
 std::shared_ptr<Promise<void>> HybridAuth::requestScopes(const std::vector<std::string>& scopes) {
+  log("requestScopes start");
   auto promise = Promise<void>::create();
   uint64_t generation;
   {
     std::lock_guard<std::recursive_mutex> lock(_mutex);
     generation = _sessionGeneration;
+    trackSessionPromiseLocked(promise);
   }
   auto self = shared_from_this();
   auto requestPromise = PlatformAuth::requestScopes(scopes);
   requestPromise->addOnResolvedListener([self, promise, scopes, generation](const AuthUser& user) {
     auto* auth = dynamic_cast<HybridAuth*>(self.get());
     if (!auth) {
-      promise->reject(makeAuthError("internal_error"));
+      rejectIfPending(promise, "internal_error");
       return;
     }
     {
       std::lock_guard<std::recursive_mutex> lock(auth->_mutex);
       if (auth->_sessionGeneration != generation) {
-        promise->reject(makeAuthError("cancelled"));
+        auth->log("requestScopes cancelled");
+        rejectIfPending(promise, "cancelled");
         return;
       }
       auth->_currentUser = user;
@@ -268,16 +359,24 @@ std::shared_ptr<Promise<void>> HybridAuth::requestScopes(const std::vector<std::
       if (auth->_currentUser) auth->_currentUser->scopes = auth->_grantedScopes;
     }
     auth->notifyAuthStateChanged();
-    promise->resolve();
+    auth->log("requestScopes resolved");
+    resolveIfPending(promise);
   });
   
-  requestPromise->addOnRejectedListener([promise](const std::exception_ptr& error) {
-    promise->reject(error);
+  requestPromise->addOnRejectedListener([self, promise](const std::exception_ptr& error) {
+    auto* auth = dynamic_cast<HybridAuth*>(self.get());
+    if (auth) {
+      auth->log("requestScopes rejected");
+    }
+    if (promise->isPending()) {
+      promise->reject(error);
+    }
   });
   return promise;
 }
 
 std::shared_ptr<Promise<void>> HybridAuth::revokeScopes(const std::vector<std::string>& scopes) {
+  log("revokeScopes");
   auto promise = Promise<void>::create();
   {
     std::lock_guard<std::recursive_mutex> lock(_mutex);
@@ -291,7 +390,48 @@ std::shared_ptr<Promise<void>> HybridAuth::revokeScopes(const std::vector<std::s
   return promise;
 }
 
+std::shared_ptr<Promise<void>> HybridAuth::revokeAccess() {
+  log("revokeAccess start");
+  auto promise = Promise<void>::create();
+  std::shared_ptr<Promise<AuthTokens>> refreshInFlight;
+  std::vector<std::shared_ptr<Promise<void>>> sessionPromises;
+  {
+    std::lock_guard<std::recursive_mutex> lock(_mutex);
+    sessionPromises = takePendingSessionPromisesLocked();
+    refreshInFlight = advanceSessionGenerationLocked();
+    trackSessionPromiseLocked(promise);
+    _currentUser = std::nullopt;
+    _grantedScopes.clear();
+  }
+  rejectIfPending(refreshInFlight, "cancelled");
+  rejectPendingSessionPromises(sessionPromises, "cancelled");
+
+  auto platformPromise = PlatformAuth::revokeAccess();
+  auto self = shared_from_this();
+  platformPromise->addOnResolvedListener([self, promise]() {
+    auto* auth = dynamic_cast<HybridAuth*>(self.get());
+    if (!auth) {
+      rejectIfPending(promise, "internal_error");
+      return;
+    }
+    auth->notifyAuthStateChanged();
+    auth->log("revokeAccess resolved");
+    resolveIfPending(promise);
+  });
+  platformPromise->addOnRejectedListener([self, promise](const std::exception_ptr& error) {
+    auto* auth = dynamic_cast<HybridAuth*>(self.get());
+    if (auth) {
+      auth->log("revokeAccess rejected");
+    }
+    if (promise->isPending()) {
+      promise->reject(error);
+    }
+  });
+  return promise;
+}
+
 std::shared_ptr<Promise<std::optional<std::string>>> HybridAuth::getAccessToken() {
+  log("getAccessToken");
   auto promise = Promise<std::optional<std::string>>::create();
   bool needsRefresh = false;
   std::optional<std::string> cachedAccessToken;
@@ -326,6 +466,7 @@ std::shared_ptr<Promise<std::optional<std::string>>> HybridAuth::getAccessToken(
 }
 
 std::shared_ptr<Promise<AuthTokens>> HybridAuth::refreshToken() {
+  log("refreshToken start");
   std::shared_ptr<Promise<AuthTokens>> promise;
   uint64_t generation;
   {
@@ -380,6 +521,7 @@ std::shared_ptr<Promise<AuthTokens>> HybridAuth::refreshToken() {
     }
     auth->notifyTokensRefreshed(tokens);
     auth->notifyAuthStateChanged();
+    auth->log("refreshToken resolved");
     promise->resolve(tokens);
   });
 
@@ -402,16 +544,24 @@ std::shared_ptr<Promise<AuthTokens>> HybridAuth::refreshToken() {
       }
     }
     if (isStale) {
+      auth->log("refreshToken cancelled");
       rejectIfPending(promise, "cancelled");
       return;
     }
+    auth->log("refreshToken rejected");
     promise->reject(error);
   });
   return promise;
 }
  
-void HybridAuth::setLoggingEnabled(bool /* enabled */) {
-    // Reserved for future use — logging not yet implemented in C++ layer
+void HybridAuth::setLoggingEnabled(bool enabled) {
+  {
+    std::lock_guard<std::recursive_mutex> lock(_mutex);
+    _loggingEnabled = enabled;
+  }
+  if (enabled) {
+    writeNativeLog("native logging enabled");
+  }
 }
 
 void HybridAuth::notifyTokensRefreshed(const AuthTokens& tokens) {

package/cpp/HybridAuth.hpp

@@ -10,6 +10,7 @@
 #include <memory>
 #include <string>
 #include <map>
+#include <vector>
 
 namespace margelo::nitro::NitroAuth {
 
@@ -24,6 +25,7 @@ public:
   std::shared_ptr<Promise<void>> login(AuthProvider provider, const std::optional<LoginOptions>& options) override;
   std::shared_ptr<Promise<void>> requestScopes(const std::vector<std::string>& scopes) override;
   std::shared_ptr<Promise<void>> revokeScopes(const std::vector<std::string>& scopes) override;
+  std::shared_ptr<Promise<void>> revokeAccess() override;
   std::shared_ptr<Promise<std::optional<std::string>>> getAccessToken() override;
   std::shared_ptr<Promise<AuthTokens>> refreshToken() override;
 
@@ -39,6 +41,9 @@ private:
   void notifyAuthStateChanged();
   void notifyTokensRefreshed(const AuthTokens& tokens);
   std::shared_ptr<Promise<AuthTokens>> advanceSessionGenerationLocked();
+  void trackSessionPromiseLocked(const std::shared_ptr<Promise<void>>& promise);
+  std::vector<std::shared_ptr<Promise<void>>> takePendingSessionPromisesLocked();
+  void log(const std::string& message);
 
 private:
   std::optional<AuthUser> _currentUser;
@@ -49,7 +54,9 @@ private:
   std::map<uint64_t, std::function<void(const AuthTokens&)>> _tokenListeners;
   uint64_t _nextTokenListenerId = 0;
   std::shared_ptr<Promise<AuthTokens>> _refreshInFlight;
+  std::vector<std::weak_ptr<Promise<void>>> _sessionPromises;
   uint64_t _sessionGeneration = 0;
+  bool _loggingEnabled = false;
   
   // recursive_mutex: listeners resolved inside a lock scope may re-enter Auth methods
   // that also acquire _mutex, causing deadlock with a non-recursive mutex.

package/cpp/PlatformAuth.hpp

@@ -21,6 +21,7 @@ public:
   static std::shared_ptr<Promise<std::optional<AuthUser>>> silentRestore();
   static bool hasPlayServices();
   static void logout();
+  static std::shared_ptr<Promise<void>> revokeAccess();
 };
 
 } // namespace margelo::nitro::NitroAuth

package/ios/AuthAdapter.swift

@@ -12,14 +12,42 @@ public class AuthAdapter: NSObject {
   private static var inMemoryGoogleServerAuthCode: String?
   private static var activeMicrosoftWebAuthSession: ASWebAuthenticationSession?
   private static let tokenStoreLock = NSLock()
+  private static let interactiveAuthLock = NSLock()
+  private static var interactiveAuthInProgress = false
+
+  private static func beginInteractiveAuth() -> Bool {
+    interactiveAuthLock.lock()
+    defer { interactiveAuthLock.unlock() }
+    if interactiveAuthInProgress {
+      return false
+    }
+    interactiveAuthInProgress = true
+    return true
+  }
+
+  private static func finishInteractiveAuth() {
+    interactiveAuthLock.lock()
+    interactiveAuthInProgress = false
+    interactiveAuthLock.unlock()
+  }
+
+  private static func completeInteractiveAuth(_ completion: @escaping (NSDictionary?, String?) -> Void) -> (NSDictionary?, String?) -> Void {
+    return { data, error in
+      finishInteractiveAuth()
+      completion(data, error)
+    }
+  }
 
   @objc
-  public static func login(provider: String, scopes: [String], loginHint: String?, useSheet: Bool, forceAccountPicker: Bool = false, tenant: String? = nil, prompt: String? = nil, completion: @escaping (NSDictionary?, String?) -> Void) {
-    // useSheet is accepted for API compatibility with Android but has no effect on iOS.
-    // Google Sign-In SDK controls its own presentation style.
+  public static func login(provider: String, scopes: [String], loginHint: String?, nonce: String?, useSheet: Bool, forceAccountPicker: Bool = false, tenant: String? = nil, prompt: String? = nil, hostedDomain: String? = nil, openIDRealm: String? = nil, completion: @escaping (NSDictionary?, String?) -> Void) {
     if provider == "google" {
+      guard beginInteractiveAuth() else {
+        completion(nil, "operation_in_progress")
+        return
+      }
+      let complete = completeInteractiveAuth(completion)
       guard let clientId = Bundle.main.object(forInfoDictionaryKey: "GIDClientID") as? String, !clientId.isEmpty else {
-        completion(nil, "configuration_error")
+        complete(nil, "configuration_error")
         return
       }
       
@@ -27,23 +55,24 @@ public class AuthAdapter: NSObject {
       
       DispatchQueue.main.async {
         guard let rootVC = presentingViewController() else {
-          completion(nil, "configuration_error")
+          complete(nil, "configuration_error")
           return
         }
 
-        let config = GIDConfiguration(clientID: clientId, serverClientID: serverClientId)
+        let config = GIDConfiguration(clientID: clientId, serverClientID: serverClientId, hostedDomain: hostedDomain, openIDRealm: openIDRealm)
         GIDSignIn.sharedInstance.configuration = config
         
         let additionalScopes = scopes.isEmpty ? nil : scopes
-        let effectiveHint = forceAccountPicker ? nil : loginHint
+        let shouldForceAccountPicker = forceAccountPicker || useSheet
+        let effectiveHint = shouldForceAccountPicker ? nil : loginHint
         
         let performSignIn = {
-          GIDSignIn.sharedInstance.signIn(withPresenting: rootVC, hint: effectiveHint, additionalScopes: additionalScopes) { result, error in
-            self.handleGoogleResult(result, error: error, completion: completion)
+          GIDSignIn.sharedInstance.signIn(withPresenting: rootVC, hint: effectiveHint, additionalScopes: additionalScopes, nonce: nonce) { result, error in
+            self.handleGoogleResult(result, error: error, completion: complete)
           }
         }
         
-        if forceAccountPicker {
+        if shouldForceAccountPicker {
           GIDSignIn.sharedInstance.disconnect { _ in
             performSignIn()
           }
@@ -52,18 +81,34 @@ public class AuthAdapter: NSObject {
         }
       }
     } else if provider == "apple" {
+      guard beginInteractiveAuth() else {
+        completion(nil, "operation_in_progress")
+        return
+      }
+      let complete = completeInteractiveAuth(completion)
       let appleIDProvider = ASAuthorizationAppleIDProvider()
       let request = appleIDProvider.createRequest()
-      request.requestedScopes = [.fullName, .email]
+      request.requestedScopes = scopes.isEmpty
+        ? [.fullName, .email]
+        : scopes.compactMap { scope in
+          switch scope {
+          case "fullName", "name": return .fullName
+          case "email": return .email
+          default: return nil
+          }
+        }
+      if let nonce = nonce {
+        request.nonce = nonce
+      }
       
       let controller = ASAuthorizationController(authorizationRequests: [request])
-      let delegate = AppleSignInDelegate(completion: completion)
+      let delegate = AppleSignInDelegate(completion: complete)
       controller.delegate = delegate
       objc_setAssociatedObject(controller, &delegateHandle, delegate, .OBJC_ASSOCIATION_RETAIN_NONATOMIC)
 
       DispatchQueue.main.async {
         guard let window = activeWindow() else {
-          completion(nil, "configuration_error")
+          complete(nil, "configuration_error")
           return
         }
         let contextProvider = AppleSignInContextProvider(anchor: window)
@@ -83,6 +128,11 @@ public class AuthAdapter: NSObject {
       completion(nil, "configuration_error")
       return
     }
+    guard beginInteractiveAuth() else {
+      completion(nil, "operation_in_progress")
+      return
+    }
+    let complete = completeInteractiveAuth(completion)
     
     let effectiveTenant = tenant ?? Bundle.main.object(forInfoDictionaryKey: "MSALTenant") as? String ?? "common"
     let bundleId = Bundle.main.bundleIdentifier ?? ""
@@ -91,11 +141,11 @@ public class AuthAdapter: NSObject {
     let effectivePrompt = prompt ?? "select_account"
     
     guard let codeVerifier = generateCodeVerifier() else {
-      completion(nil, "configuration_error")
+      complete(nil, "configuration_error")
       return
     }
     guard let codeChallenge = generateCodeChallenge(codeVerifier) else {
-      completion(nil, "configuration_error")
+      complete(nil, "configuration_error")
       return
     }
     let state = UUID().uuidString
@@ -103,12 +153,12 @@ public class AuthAdapter: NSObject {
     
     let b2cDomain = Bundle.main.object(forInfoDictionaryKey: "MSALB2cDomain") as? String
     guard let authBaseUrl = getMicrosoftAuthBaseUrl(tenant: effectiveTenant, b2cDomain: b2cDomain) else {
-      completion(nil, "configuration_error")
+      complete(nil, "configuration_error")
       return
     }
 
     guard var urlComponents = URLComponents(string: "\(authBaseUrl)oauth2/v2.0/authorize") else {
-      completion(nil, "configuration_error")
+      complete(nil, "configuration_error")
       return
     }
     urlComponents.queryItems = [
@@ -129,7 +179,7 @@ public class AuthAdapter: NSObject {
     }
     
     guard let authUrl = urlComponents.url else {
-      completion(nil, "configuration_error")
+      complete(nil, "configuration_error")
       return
     }
     
@@ -137,13 +187,13 @@ public class AuthAdapter: NSObject {
     
     DispatchQueue.main.async {
       guard self.activeMicrosoftWebAuthSession == nil else {
-        completion(nil, "operation_in_progress")
+        complete(nil, "operation_in_progress")
         return
       }
 
       let completeAndClearSession = { (data: NSDictionary?, error: String?) in
         self.activeMicrosoftWebAuthSession = nil
-        completion(data, error)
+        complete(data, error)
       }
 
       let session = ASWebAuthenticationSession(url: authUrl, callbackURLScheme: callbackScheme) { callbackURL, error in
@@ -198,7 +248,7 @@ public class AuthAdapter: NSObject {
           b2cDomain: b2cDomain,
           expectedNonce: nonce,
           scopes: effectiveScopes,
-          completion: completion
+          completion: complete
         )
       }
 
@@ -391,6 +441,8 @@ public class AuthAdapter: NSObject {
       "idToken": user.idToken?.tokenString ?? "",
       "accessToken": user.accessToken.tokenString,
       "serverAuthCode": serverAuthCode,
+      "userId": user.userID ?? "",
+      "hostedDomain": user.configuration.hostedDomain ?? "",
       "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000,
       "underlyingError": ""
     ]
@@ -502,9 +554,11 @@ public class AuthAdapter: NSObject {
             "name": user.profile?.name ?? "",
             "photo": user.profile?.imageURL(withDimension: 300)?.absoluteString ?? "",
             "idToken": user.idToken?.tokenString ?? "",
-            "accessToken": user.accessToken.tokenString,
-            "serverAuthCode": cachedServerAuthCode ?? "",
-            "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
+          "accessToken": user.accessToken.tokenString,
+          "serverAuthCode": cachedServerAuthCode ?? "",
+          "userId": user.userID ?? "",
+          "hostedDomain": user.configuration.hostedDomain ?? "",
+          "expirationTime": (user.accessToken.expirationDate?.timeIntervalSince1970 ?? 0) * 1000
           ]
           completion(data as NSDictionary)
           return
@@ -704,6 +758,7 @@ public class AuthAdapter: NSObject {
       self.activeMicrosoftWebAuthSession?.cancel()
       self.activeMicrosoftWebAuthSession = nil
     }
+    finishInteractiveAuth()
     tokenStoreLock.lock()
     inMemoryMicrosoftRefreshToken = nil
     inMemoryMicrosoftScopes = defaultMicrosoftScopes
@@ -711,6 +766,23 @@ public class AuthAdapter: NSObject {
     tokenStoreLock.unlock()
   }
 
+  @objc
+  public static func revokeAccess(completion: @escaping (String?) -> Void) {
+    GIDSignIn.sharedInstance.disconnect { error in
+      tokenStoreLock.lock()
+      inMemoryMicrosoftRefreshToken = nil
+      inMemoryMicrosoftScopes = defaultMicrosoftScopes
+      inMemoryGoogleServerAuthCode = nil
+      tokenStoreLock.unlock()
+
+      if let error = error {
+        completion(mapError(error))
+        return
+      }
+      completion(nil)
+    }
+  }
+
   private static func activeWindow() -> UIWindow? {
     let windowScenes = UIApplication.shared.connectedScenes
       .compactMap { $0 as? UIWindowScene }
@@ -769,6 +841,8 @@ class AppleSignInDelegate: NSObject, ASAuthorizationControllerDelegate {
         "email": email ?? "",
         "name": name,
         "idToken": idToken ?? "",
+        "authorizationCode": appleIDCredential.authorizationCode.flatMap { String(data: $0, encoding: .utf8) } ?? "",
+        "userId": appleIDCredential.user,
         "underlyingError": ""
       ]
       completion(data as NSDictionary, nil)