[google_sign_in] Redesign API for current identity SDKs

[stuartmorgan-g]

This is a full overhaul of the google_sign_in API, with breaking changes for all component packages—including the platform interface. The usual model of adding the new approach while keeping the old one is not viable here, as the underlying SDKs have changed significantly since the original API was designed. Web already had some only-partially-compatible shims for this reason, and Android would have had to do something similar; see flutter/flutter#119300 and flutter/flutter#154205, and the design doc for more background.

• Fixes [google_sign_in] Rework google_sign_in to reflect changes in underlying SDKs flutter#119300
• Fixes [google_sign_in] Switch Android to Credential Manager flutter#154205
• Fixes [google_sign_in_web] Enable incremental authorization for Code Model. flutter#139406
• Fixes [google_sign_in_android] Remove deprecated API usages in most recent version of play-services-auth flutter#150365
• Fixes [google_sign_in_web] Remove deprecated signIn method. flutter#137727
• Fixes [google_sign_in] Implement canAccessScopes on mobile flutter#124206
• Fixes google_sign_in plugin links to obsolete documentation for web flutter#117794
• Fixes [google_sign_in] Android documentation is wrong flutter#107532
• Fixes [google_sign_in] Support passing a nonce flutter#85439
• Fixes [google_sign_in] java.lang.NullPointerException: Attempt to read from field [...] on a null object reference flutter#74308
• Fixes [google_sign_in] Add future that completes when the plugin is (really) ready. flutter#71607
• Fixes [google_sign_in_web] googleSignIn.signIn() hangs forever if can't connect to apis.google.com flutter#70427
• Fixes [google_sign_in] better error handling flutter#32441 (there may be more to do here over time, since we may find exceptions that are not caught, but we now have a structured system to convert errors to as we find specific unhandled cases)

Pre-Review Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
• I read the Tree Hygiene page, which explains my responsibilities.
• I read and followed the relevant style guides and ran the auto-formatter.
• I signed the CLA.
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I linked to at least one issue that this PR fixes in the description above.
• I updated pubspec.yaml with an appropriate new version according to the pub versioning philosophy, or I have commented below to indicate which version change exemption this PR falls under¹.
• I updated CHANGELOG.md to add a description of the change, following repository CHANGELOG style, or I have commented below to indicate which CHANGELOG exemption this PR falls under¹.
• I updated/added any relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or I have commented below to indicate which test exemption this PR falls under¹.
• All existing and new tests are passing.

Footnotes

1. Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling. ↩ ↩² ↩³

[ditman]

I don't think I have anything blocking. I took a look at google_sign_in, google_sign_in_platform_interface and google_sign_in_web.

[ditman]

'email' seems to me like an "old school" scope docs, maybe don't show it in this example, or replace by 'https://www.googleapis.com/auth/userinfo.email'?

[stuartmorgan-g]

Ah, I missed that this was an old/new API distinction. That helps explain https://github.com/flutter/packages/pull/9267/files#diff-30357d9348f31b88b886dbd8d3d1e036c8eb13adcbe360b5c997983520eeed9cR175-R176

Removed since we don't seem to need it. The auth UI still says it'll share name, email, and profile photo without it, so it was probably just redundant.

[ditman]

Upon re-reading this... is this paragraph is a little bit incomplete? IIRC The authentication token (idToken) is also not refreshed, so both authorization and authentication end up expiring, right?

[stuartmorgan-g]

Looks that way. I can adjust the README accordingly, but maybe you just didn't mention it because normally (IIUC) clients don't need to keep using ID tokens they way they do access tokens.

[stuartmorgan-g]

Added a similar note in the authentication section, but pointing out that for authentication generally you should only need to use idToken when it's first received.

[ditman]

This is not specifically related to this example, but... why are we adding something that looks like an "error" event through the onData callback, instead of adding them as an error to the stream so they can be dealt with by a separate onError handler?

Adding an error to the stream also makes the case where the user is doing await stream.first throwy.

[stuartmorgan-g]

I think I just got carried away with structured error returns on iOS and Android. I'll revisit this for both layers of streams.

[ditman]

IMO I would only change the user-facing stream. In the implementation of the plugin we're already looking at the continuous stream of events coming from the platform code, so maybe the platform -> plugin stream can continue be a single one, with error events ("it never crashes") but the plugin -> app stream can emit errors normally? But yeah, if there's a benefit to making the platform -> plugin also emit errors, I won't oppose it changing :)

[stuartmorgan-g]

I changed the app-facing stream, but did end up leaving the platform interface version as-is, adding a comment to the stream method saying to always use the event instead of addError to enforce that they are supposed to always use structured errors instead of random PlatformExceptions and the like.

[ditman]

(Mentioned this in the readme above, but again, this 'email' scope might not be needed.)

[stuartmorgan-g]

Removed.

[ditman]

This should be _errorMessage, probably?

[stuartmorgan-g]

Fixed.

[ditman]

Can we use this opportunity to clean up this _token and the set instance setter tricks and make the abstract class GoogleSignInPlatform an abstract base class? Should this be a separate technical debt cleanup issue? (Are there any downsides to this that I'm not seeing? :S)

[stuartmorgan-g]

I did seriously consider doing this, since it can only be done during a breaking change to the platform interface.

I may still tackle it here for that reason, but the downside is that I would have to replace the Mockito-generated mocks with manual mocks, and rewrite the tests accordingly.

[ditman]

the downside is that I would have to replace the Mockito-generated mocks with manual mocks, and rewrite the tests accordingly.

Ah yes...

Why is this change considered breaking, though? Is it just in case people are using "implements" for their own federated versions of the plugin, or mocks? If you're using the class "as intended" (with extends), your code shouldn't need to change by us moving it to base class. Would it?

One upside of the extra work, should you want to tackle it, is that the mocks that you create here can be distributed as a testing library from the package, so those users who were creating their own mocks can use officially maintained mock classes that we vend. Similar to: https://pub.dev/documentation/http/1.4.0/testing

[stuartmorgan-g]

Why is this change considered breaking, though? Is it just in case people are using "implements" for their own federated versions of the plugin, or mocks? If you're using the class "as intended" (with extends), your code shouldn't need to change by us moving it to base class. Would it?

True, it should only break tests in practice. We could probably consider it non-breaking for that reason, although forcing anyone currently doing mocking to completely rewrite their tests in a non-breaking change seems like more of a grey area than our usual policy for federated plugins that breaking test mocks isn't a breaking change.

the mocks that you create here can be distributed as a testing library from the package

I'm still on the fence about that approach for our plugins; it means we essentially have to maintain an extra implementation, taking feature requests for mocking scenarios that we don't care about ourselves.

[ditman]

Would it make sense to retain the 'asserts no scopes have any spaces' functionality and test here?

[stuartmorgan-g]

I was confused by the fact that the web implementation was asserting this in the first place. Is there some web-specific extra requirement on scopes? Is having spaces that shouldn't be there different from just typoing the scope?

[ditman]

This code comes from the first version of the plugin, and this is why I added this, when asked about "why not put this in the app-facing package":

flutter/plugins#2280 (comment)

[Spaces are] a problem here because we use the space as a "join" character to pass the scopes to JS. In the mobile versions, the List is preserved all the way through.

I just checked the API docs again, here: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#redirecting and scope is still "A space-delimited list of scopes that identify the resources that your application could access on the user's behalf."

IMO we should still assert (and test the assert) that scopes don't contain spaces, but it doesn't look like a super big source of problems.

[stuartmorgan-g]

Interesting; I'll put it back with a comment explaining it. I wonder if the mobile SDKs fail under the hood, or if they escape the spaces.

[stuartmorgan-g]

Re-added.

[ditman]

I thought we no longer did the People API fallback on the web? Maybe this whole test can be removed as well?

[stuartmorgan-g]

I think I did indeed just forget to delete these files.

[stuartmorgan-g]

Removed.

[ditman]

I think this people.dart file is now dead code, you can maybe delete it and its tests?

[camsim99]

Reviewed the Android implementation!

[camsim99]

So if useButtonFlow is true, then basically the other options are ignored? Would it be helpful to warn users here about that?

[stuartmorgan-g]

I've added a wrapper class at this layer and the Pigeon layer that encapsulate the options that are specific to the non-button flow, and also added some docs, to make things clearer.

[stuartmorgan-g]

I've reworked the API here and at the Pigeon layer to put the options specific to non-button-flow in a class, and added comments, to make it clearer what doesn't apply. (When I first wrote this code I didn't use the button flow, so the flat arguments made sense.)

[camsim99]

Ok cool this is much clearer, thank you!

[camsim99]

Nit: could throw an exception to ensure it's not called.

[stuartmorgan-g]

Added fail() to all of these, and adjusted the comment slightly to explain why.

[camsim99]

Can we consider linking to the credentials docs on this? https://developer.android.com/identity/sign-in/credential-manager-siwg#set-google for the non-firebase option? If it's more confusing than helpful because some steps don't apply, maybe not though.

[stuartmorgan-g]

By the time I was updating the READMEs I was so used to skipping down to the code on that page I forgot it had setup instructions! I've adjusted to link to that as the non-Firebase option, and removed some of the details since they are covered more thoroughly there.

[camsim99]

Hahaha totally understandable! LGTM!

[camsim99]

The Android implementation LGTM!

[camsim99]

Ok cool this is much clearer, thank you!

[camsim99]

Hahaha totally understandable! LGTM!