[google_sign_in] Redesign API for current identity SDKs

[stuartmorgan-g]

This is a full overhaul of the google_sign_in API, with breaking changes for all component packages—including the platform interface. The usual model of adding the new approach while keeping the old one is not viable here, as the underlying SDKs have changed significantly since the original API was designed. Web already had some only-partially-compatible shims for this reason, and Android would have had to do something similar; see flutter/flutter#119300 and flutter/flutter#154205, and the design doc for more background.

• Fixes [google_sign_in] Rework google_sign_in to reflect changes in underlying SDKs flutter#119300
• Fixes [google_sign_in] Switch Android to Credential Manager flutter#154205
• Fixes [google_sign_in_web] Enable incremental authorization for Code Model. flutter#139406
• Fixes [google_sign_in_android] Remove deprecated API usages in most recent version of play-services-auth flutter#150365
• Fixes [google_sign_in_web] Remove deprecated signIn method. flutter#137727
• Fixes [google_sign_in] Implement canAccessScopes on mobile flutter#124206
• Fixes google_sign_in plugin links to obsolete documentation for web flutter#117794
• Fixes [google_sign_in] Android documentation is wrong flutter#107532
• Fixes [google_sign_in] Support passing a nonce flutter#85439
• Fixes [google_sign_in] java.lang.NullPointerException: Attempt to read from field [...] on a null object reference flutter#74308
• Fixes [google_sign_in] Add future that completes when the plugin is (really) ready. flutter#71607
• Fixes [google_sign_in_web] googleSignIn.signIn() hangs forever if can't connect to apis.google.com flutter#70427
• Fixes [google_sign_in] better error handling flutter#32441 (there may be more to do here over time, since we may find exceptions that are not caught, but we now have a structured system to convert errors to as we find specific unhandled cases)

Pre-Review Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
• I read the Tree Hygiene page, which explains my responsibilities.
• I read and followed the relevant style guides and ran the auto-formatter.
• I signed the CLA.
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I linked to at least one issue that this PR fixes in the description above.
• I updated pubspec.yaml with an appropriate new version according to the pub versioning philosophy, or I have commented below to indicate which version change exemption this PR falls under¹.
• I updated CHANGELOG.md to add a description of the change, following repository CHANGELOG style, or I have commented below to indicate which CHANGELOG exemption this PR falls under¹.
• I updated/added any relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or I have commented below to indicate which test exemption this PR falls under¹.
• All existing and new tests are passing.

Footnotes

1. Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling. ↩ ↩² ↩³

[stuartmorgan-g]

Looks like this will need either #9168 or a localized SDK 35 change.

[ditman]

I don't think I have anything blocking. I took a look at google_sign_in, google_sign_in_platform_interface and google_sign_in_web.

[ditman]

'email' seems to me like an "old school" scope docs, maybe don't show it in this example, or replace by 'https://www.googleapis.com/auth/userinfo.email'?

[ditman]

Upon re-reading this... is this paragraph is a little bit incomplete? IIRC The authentication token (idToken) is also not refreshed, so both authorization and authentication end up expiring, right?

[stuartmorgan-g]

Looks that way. I can adjust the README accordingly, but maybe you just didn't mention it because normally (IIUC) clients don't need to keep using ID tokens they way they do access tokens.

[ditman]

This is not specifically related to this example, but... why are we adding something that looks like an "error" event through the onData callback, instead of adding them as an error to the stream so they can be dealt with by a separate onError handler?

Adding an error to the stream also makes the case where the user is doing await stream.first throwy.

[stuartmorgan-g]

I think I just got carried away with structured error returns on iOS and Android. I'll revisit this for both layers of streams.

[ditman]

IMO I would only change the user-facing stream. In the implementation of the plugin we're already looking at the continuous stream of events coming from the platform code, so maybe the platform -> plugin stream can continue be a single one, with error events ("it never crashes") but the plugin -> app stream can emit errors normally? But yeah, if there's a benefit to making the platform -> plugin also emit errors, I won't oppose it changing :)

[ditman]

(Mentioned this in the readme above, but again, this 'email' scope might not be needed.)

[ditman]

This should be _errorMessage, probably?

[ditman]

Can we use this opportunity to clean up this _token and the set instance setter tricks and make the abstract class GoogleSignInPlatform an abstract base class? Should this be a separate technical debt cleanup issue? (Are there any downsides to this that I'm not seeing? :S)

[stuartmorgan-g]

I did seriously consider doing this, since it can only be done during a breaking change to the platform interface.

I may still tackle it here for that reason, but the downside is that I would have to replace the Mockito-generated mocks with manual mocks, and rewrite the tests accordingly.

[ditman]

the downside is that I would have to replace the Mockito-generated mocks with manual mocks, and rewrite the tests accordingly.

Ah yes...

Why is this change considered breaking, though? Is it just in case people are using "implements" for their own federated versions of the plugin, or mocks? If you're using the class "as intended" (with extends), your code shouldn't need to change by us moving it to base class. Would it?

One upside of the extra work, should you want to tackle it, is that the mocks that you create here can be distributed as a testing library from the package, so those users who were creating their own mocks can use officially maintained mock classes that we vend. Similar to: https://pub.dev/documentation/http/1.4.0/testing

[ditman]

Would it make sense to retain the 'asserts no scopes have any spaces' functionality and test here?

[stuartmorgan-g]

I was confused by the fact that the web implementation was asserting this in the first place. Is there some web-specific extra requirement on scopes? Is having spaces that shouldn't be there different from just typoing the scope?

[ditman]

This code comes from the first version of the plugin, and this is why I added this, when asked about "why not put this in the app-facing package":

flutter/plugins#2280 (comment)

[Spaces are] a problem here because we use the space as a "join" character to pass the scopes to JS. In the mobile versions, the List is preserved all the way through.

I just checked the API docs again, here: https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#redirecting and scope is still "A space-delimited list of scopes that identify the resources that your application could access on the user's behalf."

IMO we should still assert (and test the assert) that scopes don't contain spaces, but it doesn't look like a super big source of problems.

[stuartmorgan-g]

Interesting; I'll put it back with a comment explaining it. I wonder if the mobile SDKs fail under the hood, or if they escape the spaces.

[ditman]

I thought we no longer did the People API fallback on the web? Maybe this whole test can be removed as well?

[stuartmorgan-g]

I think I did indeed just forget to delete these files.

[ditman]

I think this people.dart file is now dead code, you can maybe delete it and its tests?

[camsim99]

Reviewed the Android implementation!

[camsim99]

So if useButtonFlow is true, then basically the other options are ignored? Would it be helpful to warn users here about that?

[camsim99]

Nit: can you leave a comment for each of these params about what they are since it's not obvious?

[camsim99]

Should we file an issue to track this since this is sorta a regression?

[camsim99]

What do you think about adding a test for attachToActivity since it seems that the call to addActivityResultListener is critical? Maybe disposeActivity for the same reason.

[camsim99]

Nit: could throw an exception to ensure it's not called.

[camsim99]

What do you think about adding a test for the various parameter options for authorize?

[camsim99]

Can we consider linking to the credentials docs on this? https://developer.android.com/identity/sign-in/credential-manager-siwg#set-google for the non-firebase option? If it's more confusing than helpful because some steps don't apply, maybe not though.