react-native-nitro-auth 0.5.3 → 0.5.5

package/README.md

@@ -71,11 +71,11 @@ bun add react-native-nitro-auth react-native-nitro-modules
 
 ### Requirements
 
-| Dependency                   | Version     |
-| ---------------------------- | ----------- |
-| `react-native`               | `>= 0.75.0` |
-| `react-native-nitro-modules` | `>= 0.33.9` |
-| `react`                      | `*`         |
+| Dependency                   | Version      |
+| ---------------------------- | ------------ |
+| `react-native`               | `>= 0.75.0`  |
+| `react-native-nitro-modules` | `>= 0.35.0`  |
+| `react`                      | `*`          |
 
 For Expo projects, rebuild native code after installation:
 
@@ -670,17 +670,25 @@ const freshToken = await AuthService.getAccessToken();
 
 ### Standardized Error Codes
 
-Handle failures reliably with predictable error strings. Some flows can surface provider-specific codes (listed below):
+All errors thrown by `AuthService` and `useAuth` are `AuthError` instances with a type-safe `code` field (always a valid `AuthErrorCode`) and an optional `underlyingMessage` with the raw provider string when it differs from the code.
 
 ```ts
+import { AuthError } from "react-native-nitro-auth";
+
 try {
   await login("google");
 } catch (e) {
-  const error = e as Error;
-  if (error.message === "cancelled") {
-    // User closed the popup/picker
-  } else if (error.message === "network_error") {
-    // Connection issues
+  if (e instanceof AuthError) {
+    switch (e.code) {
+      case "cancelled":
+        // User closed the popup/picker
+        break;
+      case "network_error":
+        // Connection issues
+        break;
+      default:
+        console.error(e.code, e.underlyingMessage);
+    }
   }
 }
 ```
@@ -701,24 +709,24 @@ try {
 
 ### Native Error Metadata
 
-For more detailed debugging, Nitro Auth captures raw provider/native details in `underlyingError` where available:
+`AuthError` carries the raw provider/native message in `underlyingMessage` when the platform error didn't map to a known code:
 
 ```ts
-// From authenticated user (on success)
-const { user } = useAuth();
-if (user?.underlyingError) {
-  console.warn("Auth warning:", user.underlyingError);
-}
+import { AuthError } from "react-native-nitro-auth";
 
-// From error (on failure)
 try {
   await login("google");
 } catch (e) {
-  const error = e as Error & { underlyingError?: string };
-  console.log("Native error:", error.underlyingError);
+  if (e instanceof AuthError) {
+    // e.code is always a valid AuthErrorCode
+    // e.underlyingMessage is the original native string (or undefined if it equalled the code)
+    console.log(e.code, e.underlyingMessage);
+  }
 }
 ```
 
+The `AuthUser.underlyingError` field carries a raw warning string when the provider returns one alongside a successful result.
+
 ### Troubleshooting
 
 - `configuration_error`: verify client IDs, URL schemes, and redirect URIs are set for the current platform.
@@ -797,6 +805,9 @@ This is useful for scenarios where:
 ```ts
 import {
   AuthService,
+  AuthError,
+  isAuthErrorCode,
+  toAuthErrorCode,
   SocialButton,
   useAuth,
   type UseAuthReturn,
@@ -869,7 +880,7 @@ declare function useAuth(): UseAuthReturn;
 | `user`            | `AuthUser \| undefined`                                             | Current in-memory user                               |
 | `scopes`          | `string[]`                                                          | Current granted scopes                               |
 | `loading`         | `boolean`                                                           | `true` while an auth operation is in-flight          |
-| `error`           | `Error \| undefined`                                                | Last operation error                                 |
+| `error`           | `AuthError \| undefined`                                            | Last operation error (typed, safe to switch on `.code`) |
 | `hasPlayServices` | `boolean`                                                           | Android Play Services availability                   |
 | `login`           | `(provider: AuthProvider, options?: LoginOptions) => Promise<void>` | Starts provider login                                |
 | `logout`          | `() => void`                                                        | Clears current session                               |
@@ -965,17 +976,36 @@ There is no public `setStorageAdapter`/`setJSStorageAdapter` API in this package
 | `nitroAuthWebStorage`         | `"session" \| "local" \| "memory"` | `"session"` | Storage for non-sensitive web cache                       |
 | `nitroAuthPersistTokensOnWeb` | `boolean`                          | `false`     | Persist sensitive tokens on web storage instead of memory |
 
-### Error semantics
+### `AuthError`
+
+All thrown errors from `AuthService` and `useAuth` are `AuthError` instances.
+
+```ts
+class AuthError extends Error {
+  readonly code: AuthErrorCode;           // Always a valid AuthErrorCode — safe to switch on
+  readonly underlyingMessage?: string;    // Raw native/platform string when it differs from code
+  static from(e: unknown): AuthError;     // Wraps any value; passes AuthError instances through
+}
 
-Errors are surfaced as `Error` with `message` as a normalized code when possible, and `underlyingError` with provider/native details.
+function isAuthErrorCode(value: string): value is AuthErrorCode;
+function toAuthErrorCode(raw: string): AuthErrorCode; // Returns "unknown" for unrecognized strings
+```
 
-| Normalized message    | Meaning                                        |
-| --------------------- | ---------------------------------------------- |
-| `cancelled`           | User cancelled popup/login flow                |
-| `timeout`             | Provider popup did not complete before timeout |
-| `popup_blocked`       | Browser blocked popup opening                  |
-| `network_error`       | Network failure                                |
-| `configuration_error` | Missing/invalid provider configuration         |
+| `code`                 | Meaning                                        |
+| ---------------------- | ---------------------------------------------- |
+| `cancelled`            | User cancelled the login flow                  |
+| `timeout`              | Provider popup did not complete before timeout |
+| `popup_blocked`        | Browser blocked popup opening                  |
+| `network_error`        | Network failure                                |
+| `configuration_error`  | Missing/invalid provider configuration         |
+| `unsupported_provider` | Provider not supported on this platform        |
+| `invalid_state`        | PKCE state mismatch (possible CSRF)            |
+| `invalid_nonce`        | Nonce mismatch in token response               |
+| `token_error`          | Token exchange failed                          |
+| `no_id_token`          | No `id_token` in token response                |
+| `parse_error`          | Failed to parse token response                 |
+| `refresh_failed`       | Refresh token flow failed                      |
+| `unknown`              | Unrecognized error                             |
 
 ## Quality Gates
 

package/android/build.gradle

@@ -93,7 +93,7 @@ dependencies {
   implementation project(":react-native-nitro-modules")
   
   // Google Sign-In SDK (full scope support)
-  implementation "com.google.android.gms:play-services-auth:21.2.0"
+  implementation "com.google.android.gms:play-services-auth:21.5.1"
   
   // Activity result APIs
   implementation "androidx.activity:activity-ktx:1.9.3"
@@ -104,8 +104,5 @@ dependencies {
   // Google Credential Manager (One-Tap / Passkeys)
   implementation "androidx.credentials:credentials:1.5.0"
   implementation "androidx.credentials:credentials-play-services-auth:1.5.0"
-  implementation "com.google.android.libraries.identity.googleid:googleid:1.1.1"
-
-  // Secure storage (EncryptedSharedPreferences)
-  implementation "androidx.security:security-crypto:1.0.0"
+  implementation "com.google.android.libraries.identity.googleid:googleid:1.2.0"
 }

package/android/src/main/cpp/JniOnLoad.cpp

@@ -4,5 +4,7 @@
 
 extern "C" JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM* vm, void* reserved) {
   (void)reserved;
-  return margelo::nitro::NitroAuth::initialize(vm);
+  return facebook::jni::initialize(vm, []() {
+    margelo::nitro::NitroAuth::registerAllNatives();
+  });
 }

package/android/src/main/cpp/PlatformAuth+Android.cpp

@@ -6,6 +6,8 @@
 #include <fbjni/fbjni.h>
 #include <NitroModules/NitroLogger.hpp>
 #include <NitroModules/Promise.hpp>
+#include <exception>
+#include <stdexcept>
 
 namespace margelo::nitro::NitroAuth {
 
@@ -24,6 +26,33 @@ static std::shared_ptr<Promise<AuthUser>> gScopesPromise;
 static std::shared_ptr<Promise<AuthTokens>> gRefreshPromise;
 static std::shared_ptr<Promise<std::optional<AuthUser>>> gSilentPromise;
 static std::mutex gMutex;
+static jclass gAuthAdapterClass = nullptr;
+static jmethodID gLoginMethod = nullptr;
+static jmethodID gRequestScopesMethod = nullptr;
+
+static void ensureAuthAdapterMethods(JNIEnv* env) {
+    if (gAuthAdapterClass != nullptr && gLoginMethod != nullptr && gRequestScopesMethod != nullptr) {
+        return;
+    }
+
+    jclass localAdapterClass = env->FindClass("com/auth/AuthAdapter");
+    if (localAdapterClass == nullptr) {
+        throw std::runtime_error("Unable to resolve com/auth/AuthAdapter");
+    }
+    gAuthAdapterClass = static_cast<jclass>(env->NewGlobalRef(localAdapterClass));
+    env->DeleteLocalRef(localAdapterClass);
+
+    gLoginMethod = env->GetStaticMethodID(
+        gAuthAdapterClass,
+        "loginSync",
+        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZZLjava/lang/String;Ljava/lang/String;)V"
+    );
+    gRequestScopesMethod = env->GetStaticMethodID(
+        gAuthAdapterClass,
+        "requestScopesSync",
+        "(Landroid/content/Context;[Ljava/lang/String;)V"
+    );
+}
 
 std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, const std::optional<LoginOptions>& options) {
     auto promise = Promise<AuthUser>::create();
@@ -35,6 +64,9 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gLoginPromise) {
+            gLoginPromise->reject(std::make_exception_ptr(std::runtime_error("Login request superseded by a newer request")));
+        }
         gLoginPromise = promise;
     }
     
@@ -71,30 +103,47 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::login(AuthProvider provider, co
     }
 
     JNIEnv* env = Environment::current();
+    try {
+        ensureAuthAdapterMethods(env);
+    } catch (...) {
+        promise->reject(std::current_exception());
+        return promise;
+    }
     jclass stringClass = env->FindClass("java/lang/String");
     jobjectArray jScopes = env->NewObjectArray(scopes.size(), stringClass, nullptr);
     for (size_t i = 0; i < scopes.size(); i++) {
         env->SetObjectArrayElement(jScopes, i, make_jstring(scopes[i]).get());
     }
     
-    jstring jLoginHint = loginHint.has_value() ? make_jstring(loginHint.value()).get() : nullptr;
-    jstring jTenant = tenant.has_value() ? make_jstring(tenant.value()).get() : nullptr;
-    jstring jPrompt = prompt.has_value() ? make_jstring(prompt.value()).get() : nullptr;
-    
-    jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
-    jmethodID loginMethod = env->GetStaticMethodID(adapterClass, "loginSync", 
-        "(Landroid/content/Context;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;ZZZLjava/lang/String;Ljava/lang/String;)V");
-    env->CallStaticVoidMethod(adapterClass, loginMethod, 
+    local_ref<JString> providerRef = make_jstring(providerStr);
+    local_ref<JString> loginHintRef;
+    local_ref<JString> tenantRef;
+    local_ref<JString> promptRef;
+
+    if (loginHint.has_value()) {
+        loginHintRef = make_jstring(loginHint.value());
+    }
+    if (tenant.has_value()) {
+        tenantRef = make_jstring(tenant.value());
+    }
+    if (prompt.has_value()) {
+        promptRef = make_jstring(prompt.value());
+    }
+
+    env->CallStaticVoidMethod(gAuthAdapterClass, gLoginMethod, 
         contextPtr, 
-        make_jstring(providerStr).get(),
+        providerRef.get(),
         nullptr,
         jScopes,
-        jLoginHint,
+        loginHintRef.get(),
         (jboolean)useOneTap,
         (jboolean)forceAccountPicker,
         (jboolean)useLegacyGoogleSignIn,
-        jTenant,
-        jPrompt);
+        tenantRef.get(),
+        promptRef.get());
+
+    env->DeleteLocalRef(jScopes);
+    env->DeleteLocalRef(stringClass);
     
     return promise;
 }
@@ -109,20 +158,28 @@ std::shared_ptr<Promise<AuthUser>> PlatformAuth::requestScopes(const std::vector
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gScopesPromise) {
+            gScopesPromise->reject(std::make_exception_ptr(std::runtime_error("Scope request superseded by a newer request")));
+        }
         gScopesPromise = promise;
     }
     
     JNIEnv* env = Environment::current();
+    try {
+        ensureAuthAdapterMethods(env);
+    } catch (...) {
+        promise->reject(std::current_exception());
+        return promise;
+    }
     jclass stringClass = env->FindClass("java/lang/String");
     jobjectArray jScopes = env->NewObjectArray(scopes.size(), stringClass, nullptr);
     for (size_t i = 0; i < scopes.size(); i++) {
         env->SetObjectArrayElement(jScopes, i, make_jstring(scopes[i]).get());
     }
     
-    jclass adapterClass = env->FindClass("com/auth/AuthAdapter");
-    jmethodID requestMethod = env->GetStaticMethodID(adapterClass, "requestScopesSync", 
-        "(Landroid/content/Context;[Ljava/lang/String;)V");
-    env->CallStaticVoidMethod(adapterClass, requestMethod, contextPtr, jScopes);
+    env->CallStaticVoidMethod(gAuthAdapterClass, gRequestScopesMethod, contextPtr, jScopes);
+    env->DeleteLocalRef(jScopes);
+    env->DeleteLocalRef(stringClass);
     return promise;
 }
 
@@ -136,6 +193,9 @@ std::shared_ptr<Promise<AuthTokens>> PlatformAuth::refreshToken() {
     
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gRefreshPromise) {
+            gRefreshPromise->reject(std::make_exception_ptr(std::runtime_error("Refresh request superseded by a newer request")));
+        }
         gRefreshPromise = promise;
     }
     
@@ -155,6 +215,9 @@ std::shared_ptr<Promise<std::optional<AuthUser>>> PlatformAuth::silentRestore()
 
     {
         std::lock_guard<std::mutex> lock(gMutex);
+        if (gSilentPromise) {
+            gSilentPromise->reject(std::make_exception_ptr(std::runtime_error("Silent restore superseded by a newer request")));
+        }
         gSilentPromise = promise;
     }
 
@@ -182,8 +245,8 @@ void PlatformAuth::logout() {
     logoutMethod(JAuthAdapter::javaClassStatic(), static_ref_cast<JContext>(jContext));
 }
 
-extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeInitialize(JNIEnv* env, jclass, jobject context) {
-    AuthCache::setAndroidContext(env->NewGlobalRef(context));
+extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeInitialize(JNIEnv*, jclass, jobject context) {
+    AuthCache::setAndroidContext(context);
 }
 
 extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess(
@@ -253,6 +316,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess
             const char* s = env->GetStringUTFChars(jstr, nullptr);
             scopeVec.push_back(std::string(s));
             env->ReleaseStringUTFChars(jstr, s);
+            env->DeleteLocalRef(jstr);
         }
         user.scopes = scopeVec;
     }
@@ -260,6 +324,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginSuccess
         jclass longClass = env->FindClass("java/lang/Long");
         jmethodID longValueMethod = env->GetMethodID(longClass, "longValue", "()J");
         user.expirationTime = (double)env->CallLongMethod(expirationTime, longValueMethod);
+        env->DeleteLocalRef(longClass);
     }
     
     if (loginPromise) loginPromise->resolve(user);
@@ -286,19 +351,21 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnLoginError(
     const char* errorCStr = env->GetStringUTFChars(error, nullptr);
     std::string errorStr(errorCStr);
     env->ReleaseStringUTFChars(error, errorCStr);
-    
-    std::string finalError = errorStr;
+
+    // errorStr is the structured AuthErrorCode (e.g. "cancelled", "network_error").
+    // underlyingError is a raw platform message for debugging — it must not replace the code.
     if (underlyingError) {
         const char* uCStr = env->GetStringUTFChars(underlyingError, nullptr);
-        finalError = std::string(uCStr);
         env->ReleaseStringUTFChars(underlyingError, uCStr);
+        // underlyingError is intentionally discarded here; the structured code is sufficient
+        // for consumers. If richer debugging is needed, add it to the AuthUser.underlyingError field.
     }
 
-    if (loginPromise) loginPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
-    if (scopesPromise) scopesPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
+    if (loginPromise) loginPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
+    if (scopesPromise) scopesPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
     if (silentPromise) {
         if (errorStr == "No session") silentPromise->resolve(std::nullopt);
-        else silentPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
+        else silentPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
     }
 }
 
@@ -328,6 +395,7 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshSucce
             jclass longClass = env->FindClass("java/lang/Long");
             jmethodID longValueMethod = env->GetMethodID(longClass, "longValue", "()J");
             tokens.expirationTime = (double)env->CallLongMethod(expirationTime, longValueMethod);
+            env->DeleteLocalRef(longClass);
         }
         refreshPromise->resolve(tokens);
     }
@@ -343,17 +411,15 @@ extern "C" JNIEXPORT void JNICALL Java_com_auth_AuthAdapter_nativeOnRefreshError
         gRefreshPromise = nullptr;
     }
     if (refreshPromise) {
-        std::string finalError;
         const char* errorCStr = env->GetStringUTFChars(error, nullptr);
-        finalError = std::string(errorCStr);
+        std::string errorStr(errorCStr);
         env->ReleaseStringUTFChars(error, errorCStr);
-        
+
         if (underlyingError) {
             const char* uCStr = env->GetStringUTFChars(underlyingError, nullptr);
-            finalError = std::string(uCStr);
             env->ReleaseStringUTFChars(underlyingError, uCStr);
         }
-        refreshPromise->reject(std::make_exception_ptr(std::runtime_error(finalError)));
+        refreshPromise->reject(std::make_exception_ptr(std::runtime_error(errorStr)));
     }
 }