[google_sign_in] Redesign API for current identity SDKs

[stuartmorgan-g]

This is a full overhaul of the google_sign_in API, with breaking changes for all component packages—including the platform interface. The usual model of adding the new approach while keeping the old one is not viable here, as the underlying SDKs have changed significantly since the original API was designed. Web already had some only-partially-compatible shims for this reason, and Android would have had to do something similar; see flutter/flutter#119300 and flutter/flutter#154205, and the design doc for more background.

• Fixes [google_sign_in] Rework google_sign_in to reflect changes in underlying SDKs flutter#119300
• Fixes [google_sign_in] Switch Android to Credential Manager flutter#154205
• Fixes [google_sign_in_web] Enable incremental authorization for Code Model. flutter#139406
• Fixes [google_sign_in_android] Remove deprecated API usages in most recent version of play-services-auth flutter#150365
• Fixes [google_sign_in_web] Remove deprecated signIn method. flutter#137727
• Fixes [google_sign_in] Implement canAccessScopes on mobile flutter#124206
• Fixes google_sign_in plugin links to obsolete documentation for web flutter#117794
• Fixes [google_sign_in] Android documentation is wrong flutter#107532
• Fixes [google_sign_in] Support passing a nonce flutter#85439
• Fixes [google_sign_in] java.lang.NullPointerException: Attempt to read from field [...] on a null object reference flutter#74308
• Fixes [google_sign_in] Add future that completes when the plugin is (really) ready. flutter#71607
• Fixes [google_sign_in_web] googleSignIn.signIn() hangs forever if can't connect to apis.google.com flutter#70427
• Fixes [google_sign_in] better error handling flutter#32441 (there may be more to do here over time, since we may find exceptions that are not caught, but we now have a structured system to convert errors to as we find specific unhandled cases)

Pre-Review Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
• I read the Tree Hygiene page, which explains my responsibilities.
• I read and followed the relevant style guides and ran the auto-formatter.
• I signed the CLA.
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I linked to at least one issue that this PR fixes in the description above.
• I updated pubspec.yaml with an appropriate new version according to the pub versioning philosophy, or I have commented below to indicate which version change exemption this PR falls under¹.
• I updated CHANGELOG.md to add a description of the change, following repository CHANGELOG style, or I have commented below to indicate which CHANGELOG exemption this PR falls under¹.
• I updated/added any relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or I have commented below to indicate which test exemption this PR falls under¹.
• All existing and new tests are passing.

Footnotes

1. Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling. ↩ ↩² ↩³

[camsim99]

The Android implementation LGTM!

[camsim99]

Ok cool this is much clearer, thank you!

[camsim99]

Hahaha totally understandable! LGTM!

[stuartmorgan-g]

@LongCatIsLooong / @cbracken Ping on the iOS portion of this review.

[stuartmorgan-g]

@bparrishMines Could you review the platform interface and app-facing package changes?

[LongCatIsLooong]

As someone that's new to this plugin, thanks for the design doc! I still have a few questions after reading the doc.

[LongCatIsLooong]

nit: this sounds like there are platforms other than web where user interactions are required for Authorization request. Is that the case? How do I know which of the platforms my app targets have such restriction?

[LongCatIsLooong]

supportsAuthenticate? But that's for authentication I assume?

[stuartmorgan-g]

In practice, it's just web (and that may well be true forever). I changed this because we are generally moving toward trying to be as platform agnostic as possible in the app-facing package, because the idea of a federated plugin is that we don't know what other platforms might be supported. You make a great point though; making the README more general without providing a corresponding API just means it's vague and less actionable.

I like the idea of using support queries for this. I plumbed through an authorizationRequiresUserInteraction() for this purpose, and updated the README and API docs accordingly.

[LongCatIsLooong]

Sounds good (I don't see a new commit tho).

[LongCatIsLooong]

Hmm this reminds me of flutter/flutter#168100, if the user connects / disconnects a mouse / keyboard on Android the activity will restart and that would result in the element tree being re-inflated anew.

I guess that does not break the new flow (from reading the docs initialize has to be called exactly once in a program) since the new activity will spin up a new dart vm? Still it would be an annoyance that every time I unplug my keyboard I have to go over the sign-in process again.

[LongCatIsLooong]

Or when the activity restarts, the lightweight authentication path will be taken and the flow will typically be invisible to user / require no additional user interactions?

EDIT: Just read the design doc and it mentioned "Fully silent sign in is no longer available"

[stuartmorgan-g]

Still it would be an annoyance that every time I unplug my keyboard I have to go over the sign-in process again.

That's up to whether the app developer chooses to include auth state in their state restoration.

Or when the activity restarts, the lightweight authentication path will be taken

That's up to the app developer too.

[LongCatIsLooong]

include auth state in their state restoration

Oh I thought the developer would have to restore GoogleSignIn, and state restoration only supports value types. If the dart part of GoogleSignIn doesn't keep any secret state itself then that makes sense.

[LongCatIsLooong]

uber nit, consider making user and authorization final if possible?

[stuartmorgan-g]

Made user final. Making authorization final would require adding an else { authorization = null; } or restructuring to use a ternary in the assignment or using patterns, all of which would make the example more complicated for the README snippet.

[LongCatIsLooong]

Does this work?

final authorization = await user?.authorizationClient.authorizationForScopes(scopes);

[LongCatIsLooong]

nit: missing backticks / square brackets around UnsupportedError?

[stuartmorgan-g]

Fixed.

[LongCatIsLooong]

his -> is

[stuartmorgan-g]

Fixed.

[LongCatIsLooong]

Are these classes needed? It seems the sealed type is a glorified GoogleSignInAccount?.

[stuartmorgan-g]

Originally there were three subclasses, but exceptions moved into onError; now we could make them GoogleSignInAccount?.

It would make things less self-documenting though. It's non-obvious that getting null as an authenticationEvent means "the user signed out". Is that worth the slightly easier usage?

[LongCatIsLooong]

I was thinking maybe we can avoid introducing new classes by using typedef or extension types. I played with that idea but found the resulting code harder to read (the user code would still be the same though). So never mind.

[LongCatIsLooong]

is this still nonnull?

[stuartmorgan-g]

Yes, I must have deleted that by mistake when removing strong. Re-added.

[LongCatIsLooong]

I assume the user argument is not nullable, otherwise it's failing silently?

[stuartmorgan-g]

Yes. I've added some more nullability annotations for the private methods; in past projects we didn't annotate implementation files in general, but there's no reason not to here, and since Obj-C nullability is basically just documentation anyway we may as well express it (as we generally do with our newer Java plugin code).

[LongCatIsLooong]

can userId be null?

[stuartmorgan-g]

Nope, added annotation.

[LongCatIsLooong]

The signOut method seems to only sign out the current user: https://developers.google.com/identity/sign-in/ios/reference/Classes/GIDSignIn

Why do we have to remove everything in the dictionary? If refreshedAuthorizationTokensForUser gets called for a different user (is that possible`?) the app would get an error it seems?

[stuartmorgan-g]

The signOut method seems to only sign out the current user

That's true, but unlike the other platforms, Google Sign In for iOS bakes in the idea of a single current user in various places.

Why do we have to remove everything in the dictionary? If refreshedAuthorizationTokensForUser gets called for a different user (is that possible`?) the app would get an error it seems?

I was going to say it would anyway, but it looks like valid tokens would still be returned. Adding scopes, on the other hand will just fail. The underlying SDK API is a little strange in that it will potentially vend multiple user objects, but some operations will fail on all but one (and as a result, our API has the same behavior on iOS).

But it looks like we'll actually get better behavior by never clearing usersByIdentifier, so calls will continue to use the underlying SDK user objects if they have ever been available, and we can leave it to the SDK to work or not depending on its implementation details. User objects should be pretty lightweight, and in practice I expect it will be rare to make more than one anyway.

I've replaced this with a comment explaining why we're not removing anything from the dictionary.

[LongCatIsLooong]

The changes SGTM but I don't see a new commit?

[LongCatIsLooong]

Sounds good (I don't see a new commit tho).

[LongCatIsLooong]

include auth state in their state restoration

Oh I thought the developer would have to restore GoogleSignIn, and state restoration only supports value types. If the dart part of GoogleSignIn doesn't keep any secret state itself then that makes sense.

[LongCatIsLooong]

Does this work?

final authorization = await user?.authorizationClient.authorizationForScopes(scopes);

[LongCatIsLooong]

I was thinking maybe we can avoid introducing new classes by using typedef or extension types. I played with that idea but found the resulting code harder to read (the user code would still be the same though). So never mind.

[stuartmorgan-g]

The changes SGTM but I don't see a new commit?

Oops, I didn't notice that the push failed (I forgot I'd done a merge from main via the GitHub UI).

[stuartmorgan-g]

Does this work?

final authorization = await user?.authorizationClient.authorizationForScopes(scopes);

🤦🏻 Yes, that's much simpler.

(I can't reply inline to that comment, I think because I force-pushed so the commit it was on no longer exists.)