[iOS] serverAuthCode is not being updated when signInSilently

[michdavydov]

Step 1: Are you in the right place?

• For issues or feature requests related to the code in this repository file a Github issue.
• For general technical questions, post a question on StackOverflow tagged appropriately.

Step 2: Describe your environment

• Device: iPhone 6S+
• OS version: iOS 11.1
• SDK version: GoogleSignIn 4.1.1

Step 3: Describe the problem:

I was not able to find a way to generate a new server auth code to send it to our server except of showing popup to users and asking them to grant access. We found signInSilently method working on Android and it generates a new code.

Steps to reproduce:

1. Sign in and grant access.
2. Sign in silently

Observed Results:

• serverAuthCode appears to be the same.

Expected Results:

• serverAuthCode should be different.

Relevant Code:

I've created a test project to check it out.

[morganchen12]

signInSilently exists on iOS as well (docs here). This may not return a new token; the SDK should manage refreshing those automatically. If you'd like to force a manual refresh, use refreshTokensWithHandler:.

[michdavydov]

@morganchen12 Thank you for the reply.

I've got the test project updated with the refreshTokensWithHandler: implemented. But seems the handler is not refreshing serverAuthCode either.

I'm looking for a way to get a new code without popping up the dialog as the serverAuthCode is redeemed first time.

[morganchen12]

Sorry, I misread your original post. Why does your app need a new serverAuthCode?

[michdavydov]

It's business requirements where I've got registration flow that can't be skipped.

First, we're retrieving user info with the serverAuthCode and checking whether or not user exists in db. If not, we ask to create a new account and we still need to get an access token on server at this point.

As API is stateless we can't keep any records of the previous call. Saving to db is based on user id which is not created yet.

All works good in Android SDK and the serverAuthCode is being refreshed by signInSilently there. But it made me got stuck and we're looking for a way to work around it. Still no luck.

[morganchen12]

I see. As far as I know the only way to achieve this on iOS is to sign out and sign in again. But there shouldn't be anything you need a new serverAuthCode for that the refresh token shouldn't handle.

[asamek]

the only way to achieve this on iOS is to sign out and sign in again

@morganchen12 Is it possible to execute that without user interaction? I need to get refreshed serverAuthCode and use it as one-time authorization code on my backend server multiple times (to ensure that user is still logged in the mobile application). I see that it's possible to generate new code for each rest api. Any updates for IOS?

[morganchen12]

Not that I know of.

[eliasjtg]

Any solution? Same issue :(

[asamek]

We implemented very, very ugly workaround for IOS but it's so bad solution that I event don't want to share... We are still waiting for full support for signInSilently on IOS.

[eliasjtg]

:(

[eliasjtg]

i'm implement almost all platforms, web, android but ios has this issue with new server auth code's

[HasithaCJ]

Any update on this ?

[blueeyestw]

It seems I'm also having the same problem. Android works fine and returns a new serverAuthCode when signinSilently() is called but iOS does not. Even when setting forceCodeForRefreshToken = true in the GoogleSignIn() constructor and reAuthenticate=true.