Skip to content

Commit

Permalink
Properly sign out
Browse files Browse the repository at this point in the history
  • Loading branch information
mar-v-in committed Sep 19, 2023
1 parent 36c82d6 commit 4f35fd1
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 16 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,8 @@ class AuthSignInServiceImpl(
Log.d(TAG, "$packageName:signOut($options)")
lifecycleScope.launchWhenStarted {
try {
val account = account ?: options?.account ?: SignInConfigurationService.getDefaultAccount(context, packageName)
if (account != null) performSignOut(context, packageName, options, account)
SignInConfigurationService.setDefaultAccount(context, packageName, null)
runCatching { callbacks.onSignOut(Status.SUCCESS) }
} catch (e: Exception) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,43 @@ import kotlin.math.min

private fun Long?.orMaxIfNegative() = this?.takeIf { it >= 0L } ?: Long.MAX_VALUE

val GoogleSignInOptions.scopeUris
get() = scopes.orEmpty().sortedBy { it.scopeUri }

val GoogleSignInOptions.includeId
get() = scopeUris.any { it.scopeUri == Scopes.OPENID } || scopeUris.any { it.scopeUri == Scopes.GAMES_LITE }

val GoogleSignInOptions.includeEmail
get() = scopeUris.any { it.scopeUri == Scopes.EMAIL } || scopeUris.any { it.scopeUri == Scopes.GAMES_LITE }

val GoogleSignInOptions.includeProfile
get() = scopeUris.any { it.scopeUri == Scopes.PROFILE }

fun getOAuthManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager {
val scopes = options?.scopes.orEmpty().sortedBy { it.scopeUri }
return AuthManager(context, account.name, packageName, "oauth2:${scopes.joinToString(" ")}")
}

fun getIdTokenManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager? {
if (options?.isIdTokenRequested != true || options.serverClientId == null) return null

val idTokenManager = AuthManager(context, account.name, packageName, "audience:server:client_id:${options.serverClientId}")
idTokenManager.includeEmail = if (options.includeEmail) "1" else "0"
idTokenManager.includeProfile = if (options.includeProfile) "1" else "0"
return idTokenManager
}

fun getServerAuthTokenManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager? {
if (options?.isServerAuthCodeRequested != true || options.serverClientId == null) return null

val serverAuthTokenManager = AuthManager(context, account.name, packageName, "oauth2:server:client_id:${options.serverClientId}:api_scope:${options.scopeUris.joinToString(" ")}")
serverAuthTokenManager.includeEmail = if (options.includeEmail) "1" else "0"
serverAuthTokenManager.includeProfile = if (options.includeProfile) "1" else "0"
serverAuthTokenManager.setOauth2Prompt(if (options.isForceCodeForRefreshToken) "consent" else "auto")
serverAuthTokenManager.setItCaveatTypes("2")
return serverAuthTokenManager
}

suspend fun performSignIn(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account, permitted: Boolean = false): GoogleSignInAccount? {
val authManager = getOAuthManager(context, packageName, options, account)
if (permitted) authManager.isPermitted = true
Expand All @@ -41,22 +73,14 @@ suspend fun performSignIn(context: Context, packageName: String, options: Google
val includeEmail = scopes.any { it.scopeUri == Scopes.EMAIL } || scopes.any { it.scopeUri == Scopes.GAMES_LITE }
val includeProfile = scopes.any { it.scopeUri == Scopes.PROFILE }
Log.d("AuthSignIn", "id token requested: ${options?.isIdTokenRequested == true}, serverClientId = ${options?.serverClientId}")
val idTokenResponse = if (options?.isIdTokenRequested == true && options.serverClientId != null) withContext(Dispatchers.IO) {
val idTokenManager = AuthManager(context, account.name, packageName, "audience:server:client_id:${options.serverClientId}")
idTokenManager.includeEmail = if (includeEmail) "1" else "0"
idTokenManager.includeProfile = if (includeProfile) "1" else "0"
idTokenManager.isPermitted = authManager.isPermitted
idTokenManager.requestAuth(true)
} else null
val serverAuthTokenResponse = if (options?.isServerAuthCodeRequested == true && options.serverClientId != null) withContext(Dispatchers.IO) {
val serverAuthTokenManager = AuthManager(context, account.name, packageName, "oauth2:server:client_id:${options.serverClientId}:api_scope:${scopes.joinToString(" ")}")
serverAuthTokenManager.includeEmail = if (includeEmail) "1" else "0"
serverAuthTokenManager.includeProfile = if (includeProfile) "1" else "0"
serverAuthTokenManager.setOauth2Prompt(if (options.isForceCodeForRefreshToken) "consent" else "auto")
serverAuthTokenManager.setItCaveatTypes("2")
serverAuthTokenManager.isPermitted = authManager.isPermitted
serverAuthTokenManager.requestAuth(true)
} else null
val idTokenResponse = getIdTokenManager(context, packageName, options, account)?.let {
it.isPermitted = authManager.isPermitted
withContext(Dispatchers.IO) { it.requestAuth(true) }
}
val serverAuthTokenResponse = getServerAuthTokenManager(context, packageName, options, account)?.let {
it.isPermitted = authManager.isPermitted
withContext(Dispatchers.IO) { it.requestAuth(true) }
}
val googleUserId = authManager.getUserData("GoogleUserId")
val id = if (includeId) googleUserId else null
val tokenId = if (options?.isIdTokenRequested == true) idTokenResponse?.auth else null
Expand Down Expand Up @@ -93,4 +117,19 @@ suspend fun performSignIn(context: Context, packageName: String, options: Google
givenName,
familyName
)
}

fun performSignOut(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account) {
val authManager = getOAuthManager(context, packageName, options, account)
authManager.isPermitted = false
authManager.invalidateAuthToken()

getIdTokenManager(context, packageName, options, account)?.let {
it.isPermitted = false
it.invalidateAuthToken()
}
getServerAuthTokenManager(context, packageName, options, account)?.let {
it.isPermitted = false
it.invalidateAuthToken()
}
}

0 comments on commit 4f35fd1

Please sign in to comment.