Implement oauth secret token in headful-lite. (#2663)

* Implement oauth secret token in headful-lite. This is useful for Twitter sign in.

* Deprecate TwitterAuth{Provider,Credential}. OAuth sign in flow is now the recommended way to sign in with Twitter.

* Add update OAuth credential to AuthDataResult. Developer can access the secret token from that.

Author: Yue-Wang-Google

Example/Auth/Tests/FIRUserTests.m

@@ -1513,7 +1513,8 @@ - (void)testlinkAndRetrieveDataError {
                        FIRVerifyAssertionResponseCallback callback) {
         dispatch_async(FIRAuthGlobalWorkQueue(), ^() {
             callback(nil,
-                     [FIRAuthErrorUtils accountExistsWithDifferentCredentialErrorWithEmail:kEmail]);
+                     [FIRAuthErrorUtils accountExistsWithDifferentCredentialErrorWithEmail:kEmail
+                                                                         updatedCredential:nil]);
       });
     });
 

Example/Firebase.xcodeproj/project.pbxproj

@@ -6659,7 +6659,7 @@
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = 4ANB9W7R3P;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
-				INFOPLIST_FILE = $SRCROOT/DynamicLinks/FDLBuilderTestAppObjC/Info.plist;
+				INFOPLIST_FILE = "$SRCROOT/DynamicLinks/FDLBuilderTestAppObjC/Info.plist";
 				IPHONEOS_DEPLOYMENT_TARGET = 11.4;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
 				MTL_ENABLE_DEBUG_INFO = YES;
@@ -6693,7 +6693,7 @@
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				DEVELOPMENT_TEAM = 4ANB9W7R3P;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
-				INFOPLIST_FILE = $SRCROOT/DynamicLinks/FDLBuilderTestAppObjC/Info.plist;
+				INFOPLIST_FILE = "$SRCROOT/DynamicLinks/FDLBuilderTestAppObjC/Info.plist";
 				IPHONEOS_DEPLOYMENT_TARGET = 11.4;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
 				MTL_ENABLE_DEBUG_INFO = NO;

Firebase/Auth/Source/Auth Provider/OAuth/FIROAuthCredential.m

@@ -20,6 +20,7 @@
 #import "FIRAuthExceptionUtils.h"
 #import "FIROAuthCredential_Internal.h"
 #import "FIRVerifyAssertionRequest.h"
+#import "FIRVerifyAssertionResponse.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -40,30 +41,50 @@ - (nullable instancetype)initWithProvider:(NSString *)provider {
 - (instancetype)initWithProviderID:(NSString *)providerID
                            IDToken:(nullable NSString *)IDToken
                        accessToken:(nullable NSString *)accessToken
+                            secret:(nullable NSString *)secret
                       pendingToken:(nullable NSString *)pendingToken {
   self = [super initWithProvider:providerID];
   if (self) {
     _IDToken = IDToken;
     _accessToken = accessToken;
     _pendingToken = pendingToken;
+    _secret = secret;
   }
   return self;
 }
 
 - (instancetype)initWithProviderID:(NSString *)providerID
                          sessionID:(NSString *)sessionID
             OAuthResponseURLString:(NSString *)OAuthResponseURLString {
-  self = [self initWithProviderID:providerID IDToken:nil accessToken:nil pendingToken:nil];
+  self =
+      [self initWithProviderID:providerID IDToken:nil accessToken:nil secret:nil pendingToken:nil];
   if (self) {
     _OAuthResponseURLString = OAuthResponseURLString;
     _sessionID = sessionID;
   }
   return self;
 }
 
+
+- (nullable instancetype)initWithVerifyAssertionResponse:(FIRVerifyAssertionResponse *)response {
+  if (response.oauthIDToken.length || response.oauthAccessToken.length ||
+      response.oauthSecretToken.length) {
+    return [self initWithProviderID:response.providerID
+                            IDToken:response.oauthIDToken
+                        accessToken:response.oauthAccessToken
+                             secret:response.oauthSecretToken
+                       pendingToken:response.pendingToken];
+  }
+  return nil;
+}
+
 - (void)prepareVerifyAssertionRequest:(FIRVerifyAssertionRequest *)request {
   request.providerIDToken = _IDToken;
   request.providerAccessToken = _accessToken;
+  request.requestURI = _OAuthResponseURLString;
+  request.sessionID = _sessionID;
+  request.providerOAuthTokenSecret = _secret;
+  request.pendingToken = _pendingToken;
 }
 
 #pragma mark - NSSecureCoding
@@ -76,9 +97,11 @@ - (nullable instancetype)initWithCoder:(NSCoder *)aDecoder {
   NSString *IDToken = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"IDToken"];
   NSString *accessToken = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"accessToken"];
   NSString *pendingToken = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"pendingToken"];
+  NSString *secret = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"secret"];
   self = [self initWithProviderID:self.provider
                           IDToken:IDToken
                       accessToken:accessToken
+                           secret:secret
                      pendingToken:pendingToken];
   return self;
 }
@@ -87,6 +110,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder {
   [aCoder encodeObject:self.IDToken forKey:@"IDToken"];
   [aCoder encodeObject:self.accessToken forKey:@"accessToken"];
   [aCoder encodeObject:self.pendingToken forKey:@"pendingToken"];
+  [aCoder encodeObject:self.secret forKey:@"secret"];
 }
 
 @end

Firebase/Auth/Source/Auth Provider/OAuth/FIROAuthCredential_Internal.h

@@ -18,6 +18,8 @@
 
 #import "FIROAuthCredential.h"
 
+@class FIRVerifyAssertionResponse;
+
 NS_ASSUME_NONNULL_BEGIN
 
 /** @extension FIROAuthCredential
@@ -40,16 +42,18 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(nonatomic, readonly, nullable) NSString *pendingToken;
 
-/** @fn initWithProviderId:IDToken:accessToken:pendingToken
+/** @fn initWithProviderId:IDToken:accessToken:secret:pendingToken
     @brief Designated initializer.
     @param providerID The provider ID associated with the credential being created.
     @param IDToken The ID Token associated with the credential being created.
     @param accessToken The access token associated with the credential being created.
+    @param secret The secret associated with the credential being created.
     @param pendingToken The pending token associated with the credential being created.
  */
 - (instancetype)initWithProviderID:(NSString *)providerID
                            IDToken:(nullable NSString *)IDToken
                        accessToken:(nullable NSString *)accessToken
+                            secret:(nullable NSString *)secret
                       pendingToken:(nullable NSString *)pendingToken NS_DESIGNATED_INITIALIZER;
 
 /** @fn initWithProviderId:sessionID:OAuthResponseURLString:
@@ -62,6 +66,12 @@ NS_ASSUME_NONNULL_BEGIN
                          sessionID:(NSString *)sessionID
             OAuthResponseURLString:(NSString *)OAuthResponseURLString;
 
+/** @fn initWithVerifyAssertionResponse
+    @brief Intitializer which takes an verifyAssertion response.
+    @param response The verifyAssertion Response to create the credential instance.
+ */
+- (nullable instancetype)initWithVerifyAssertionResponse:(FIRVerifyAssertionResponse *)response;
+
 @end
 
 NS_ASSUME_NONNULL_END

Firebase/Auth/Source/Auth Provider/OAuth/FIROAuthProvider.m

@@ -70,6 +70,7 @@ + (FIROAuthCredential *)credentialWithProviderID:(NSString *)providerID
   return [[FIROAuthCredential alloc] initWithProviderID:providerID
                                                 IDToken:IDToken
                                             accessToken:accessToken
+                                                 secret:nil
                                            pendingToken:nil];
 }
 
@@ -78,6 +79,7 @@ + (FIROAuthCredential *)credentialWithProviderID:(NSString *)providerID
   return [[FIROAuthCredential alloc] initWithProviderID:providerID
                                                 IDToken:nil
                                             accessToken:accessToken
+                                                 secret:nil
                                            pendingToken:nil];
 }
 

Firebase/Auth/Source/Auth Provider/Twitter/FIRTwitterAuthCredential.h

@@ -23,6 +23,7 @@ NS_ASSUME_NONNULL_BEGIN
 /** @class FIRTwitterAuthCredential
     @brief Internal implementation of FIRAuthCredential for Twitter credentials.
  */
+DEPRECATED_MSG_ATTRIBUTE("Please use FIROAuthCredential instead of FIRTwitterAuthCredential.")
 @interface FIRTwitterAuthCredential : FIRAuthCredential <NSSecureCoding>
 
 /** @property token

Firebase/Auth/Source/Auth Provider/Twitter/FIRTwitterAuthCredential.m

@@ -22,6 +22,9 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-implementations"
+
 @interface FIRTwitterAuthCredential ()
 
 - (nullable instancetype)initWithProvider:(NSString *)provider NS_UNAVAILABLE;
@@ -70,4 +73,6 @@ - (void)encodeWithCoder:(NSCoder *)aCoder {
 
 @end
 
+#pragma clang diagnostic pop
+
 NS_ASSUME_NONNULL_END

Firebase/Auth/Source/Auth Provider/Twitter/FIRTwitterAuthProvider.m

@@ -23,6 +23,9 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-implementations"
+
 @implementation FIRTwitterAuthProvider
 
 - (instancetype)init {
@@ -37,4 +40,6 @@ + (FIRAuthCredential *)credentialWithToken:(NSString *)token secret:(NSString *)
 
 @end
 
+#pragma clang diagnostic pop
+
 NS_ASSUME_NONNULL_END

Firebase/Auth/Source/Auth/FIRAuth.m

@@ -857,12 +857,6 @@ - (void)internalSignInAndRetrieveDataWithCredential:(FIRAuthCredential *)credent
                                        requestConfiguration:_requestConfiguration];
   request.autoCreate = !isReauthentication;
   [credential prepareVerifyAssertionRequest:request];
-  if ([credential isKindOfClass:[FIROAuthCredential class]]) {
-    FIROAuthCredential *OAuthCredential = (FIROAuthCredential *)credential;
-    request.requestURI = OAuthCredential.OAuthResponseURLString;
-    request.sessionID = OAuthCredential.sessionID;
-    request.pendingToken = OAuthCredential.pendingToken;
-  }
   [FIRAuthBackend verifyAssertion:request
                          callback:^(FIRVerifyAssertionResponse *response, NSError *error) {
     if (error) {
@@ -875,7 +869,10 @@ - (void)internalSignInAndRetrieveDataWithCredential:(FIRAuthCredential *)credent
     if (response.needConfirmation) {
       if (callback) {
         NSString *email = response.email;
-        callback(nil, [FIRAuthErrorUtils accountExistsWithDifferentCredentialErrorWithEmail:email]);
+        FIROAuthCredential *credential =
+            [[FIROAuthCredential alloc] initWithVerifyAssertionResponse:response];
+        callback(nil, [FIRAuthErrorUtils accountExistsWithDifferentCredentialErrorWithEmail:email
+            updatedCredential:credential]);
       }
       return;
     }
@@ -894,9 +891,12 @@ - (void)internalSignInAndRetrieveDataWithCredential:(FIRAuthCredential *)credent
       if (callback) {
         FIRAdditionalUserInfo *additionalUserInfo =
             [FIRAdditionalUserInfo userInfoWithVerifyAssertionResponse:response];
+        FIROAuthCredential *updatedOAuthCredential =
+            [[FIROAuthCredential alloc] initWithVerifyAssertionResponse:response];
         FIRAuthDataResult *result = user ?
             [[FIRAuthDataResult alloc] initWithUser:user
-                                 additionalUserInfo:additionalUserInfo] : nil;
+                                 additionalUserInfo:additionalUserInfo
+                                         credential:updatedOAuthCredential] : nil;
         callback(result, error);
       }
     }];

Firebase/Auth/Source/Auth/FIRAuthDataResult.m

@@ -18,6 +18,7 @@
 
 #import "FIRAdditionalUserInfo.h"
 #import "FIRUser.h"
+#import "FIROAuthCredential.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -33,12 +34,24 @@ @implementation FIRAuthDataResult
  */
 static NSString *const kUserCodingKey = @"user";
 
+/** @var kCredentialCodingKey
+    @brief The key used to encode the credential for NSSecureCoding.
+ */
+static NSString *const kCredentialCodingKey = @"credential";
+
 - (nullable instancetype)initWithUser:(nullable FIRUser *)user
                    additionalUserInfo:(nullable FIRAdditionalUserInfo *)additionalUserInfo {
+  return [self initWithUser:user additionalUserInfo:additionalUserInfo credential:nil];
+}
+
+- (nullable instancetype)initWithUser:(nullable FIRUser *)user
+                   additionalUserInfo:(nullable FIRAdditionalUserInfo *)additionalUserInfo
+                           credential:(nullable FIROAuthCredential *)credential {
   self = [super init];
   if (self) {
     _additionalUserInfo = additionalUserInfo;
     _user = user;
+    _credential = credential;
   }
   return self;
 }
@@ -55,13 +68,16 @@ - (nullable instancetype)initWithCoder:(NSCoder *)aDecoder {
   FIRAdditionalUserInfo *additionalUserInfo =
       [aDecoder decodeObjectOfClass:[FIRAdditionalUserInfo class]
                              forKey:kAdditionalUserInfoCodingKey];
-
-  return [self initWithUser:user additionalUserInfo:additionalUserInfo];
+  FIROAuthCredential *credential =
+      [aDecoder decodeObjectOfClass:[FIROAuthCredential class]
+                             forKey:kCredentialCodingKey];
+  return [self initWithUser:user additionalUserInfo:additionalUserInfo credential:credential];
 }
 
 - (void)encodeWithCoder:(NSCoder *)aCoder {
   [aCoder encodeObject:_user forKey:kUserCodingKey];
   [aCoder encodeObject:_additionalUserInfo forKey:kAdditionalUserInfoCodingKey];
+  [aCoder encodeObject:_credential forKey:kCredentialCodingKey];
 }
 
 @end

Firebase/Auth/Source/Auth/FIRAuthDataResult_Internal.h

@@ -25,8 +25,18 @@ NS_ASSUME_NONNULL_BEGIN
     @param user The signed in user reference.
     @param additionalUserInfo The additional user info if available.
  */
+- (nullable instancetype)initWithUser:(nullable FIRUser *)user
+                   additionalUserInfo:(nullable FIRAdditionalUserInfo *)additionalUserInfo;
+
+/** @fn initWithUser:additionalUserInfo:
+    @brief Designated initializer.
+    @param user The signed in user reference.
+    @param additionalUserInfo The additional user info if available.
+    @param credential The updated OAuth credential if available.
+ */
 - (nullable instancetype)initWithUser:(nullable FIRUser *)user
                    additionalUserInfo:(nullable FIRAdditionalUserInfo *)additionalUserInfo
+                           credential:(nullable FIROAuthCredential *)credential
     NS_DESIGNATED_INITIALIZER;
 
 @end

Firebase/Auth/Source/Backend/FIRAuthBackend.m

@@ -1067,13 +1067,8 @@ + (nullable NSError *)clientErrorWithServerErrorMessage:(NSString *)serverErrorM
     NSString *email;
     if ([response isKindOfClass:[FIRVerifyAssertionResponse class]]) {
       FIRVerifyAssertionResponse *verifyAssertion = (FIRVerifyAssertionResponse *)response;
-      if (verifyAssertion.oauthIDToken.length || verifyAssertion.oauthAccessToken.length) {
-        credential =
-            [[FIROAuthCredential alloc] initWithProviderID:verifyAssertion.providerID
-                                                   IDToken:verifyAssertion.oauthIDToken
-                                               accessToken:verifyAssertion.oauthAccessToken
-                                              pendingToken:verifyAssertion.pendingToken];
-      }
+      credential =
+          [[FIROAuthCredential alloc] initWithVerifyAssertionResponse:verifyAssertion];
       email = verifyAssertion.email;
     }
     return [FIRAuthErrorUtils credentialAlreadyInUseErrorWithMessage:serverDetailErrorMessage

Firebase/Auth/Source/Backend/RPC/FIRVerifyAssertionResponse.h

@@ -196,6 +196,11 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(nonatomic, strong, readonly, nullable) NSString *oauthAccessToken;
 
+/** @property oauthSecretToken
+    @brief The secret for the OpenID OAuth extention.
+ */
+@property(nonatomic, readonly, nullable) NSString *oauthSecretToken;
+
 /** @property pendingToken
     @brief The pending ID Token string.
  */

Firebase/Auth/Source/Backend/RPC/FIRVerifyAssertionResponse.m

@@ -76,6 +76,7 @@ - (BOOL)setWithDictionary:(NSDictionary *)dictionary
   _oauthExpirationDate =  [dictionary[@"oauthExpireIn"] isKindOfClass:[NSString class]] ?
       [NSDate dateWithTimeIntervalSinceNow:[dictionary[@"oauthExpireIn"] doubleValue]] : nil;
   _oauthAccessToken = [dictionary[@"oauthAccessToken"] copy];
+  _oauthSecretToken = [dictionary[@"oauthTokenSecret"] copy];
   _pendingToken = [dictionary[@"pendingToken"] copy];
   return YES;
 }

Firebase/Auth/Source/Public/FIRAuthDataResult.h

@@ -17,6 +17,7 @@
 #import <Foundation/Foundation.h>
 
 @class FIRAdditionalUserInfo;
+@class FIROAuthCredential;
 @class FIRUser;
 
 NS_ASSUME_NONNULL_BEGIN
@@ -37,7 +38,14 @@ NS_SWIFT_NAME(AuthDataResult)
 /** @property user
     @brief The signed in user.
  */
-@property(nonatomic, readonly) FIRUser *user;
+@property(nonatomic, readonly, nullable) FIRUser *user;
+
+/** @property credential
+    @brief The updated OAuth credential after the the sign-in, link and reauthenticate action.
+    @detial This property is for OAuth sign in only.
+ */
+@property(nonatomic, readonly, nullable) FIROAuthCredential *credential;
+
 
 /** @property additionalUserInfo
     @brief If available contains the additional IdP specific information about signed in user.

Firebase/Auth/Source/Public/FIROAuthCredential.h

@@ -36,6 +36,13 @@ NS_SWIFT_NAME(OAuthCredential)
  */
 @property(nonatomic, readonly, nullable) NSString *accessToken;
 
+/** @property secret
+    @brief The secret associated with this credential. This will be nil for OAuth 2.0 providers.
+    @detail OAuthCredential already exposes a providerId getter. This will help the developer
+        determine whether an access token/secret pair is needed.
+ */
+@property(nonatomic, readonly, nullable) NSString *secret;
+
 /** @fn init
     @brief This class is not supposed to be instantiated directly.
  */