Extract util method `accessTokenRequestWithAuthState:`

GoogleSignIn/Sources/GIDAuthorizationUtil.h

@@ -17,7 +17,9 @@
 #import <Foundation/Foundation.h>
 
 @class OIDAuthorizationRequest;
+@class OIDAuthState;
 @class GIDSignInInternalOptions;
+@class OIDTokenRequest;
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -29,9 +31,19 @@ NS_ASSUME_NONNULL_BEGIN
 /// @param options The `GIDSignInInternalOptions` object to provide serverClientID, hostedDomain,
 ///     clientID, scopes, loginHint and extraParams.
 /// @param emmSupport The EMM support info string.
-+ (OIDAuthorizationRequest *)
-    authorizationRequestWithOptions:(GIDSignInInternalOptions *)options
-                         emmSupport:(nullable NSString *)emmSupport;
++ (OIDAuthorizationRequest *)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options
+                                                  emmSupport:(nullable NSString *)emmSupport;
+
+/// Creates the request to AppAuth to exchange auth code for access token.
+///
+/// @param authState The current State of authorization session.
+/// @param serverClientID The server client ID.
+/// @param openIDRealm The open ID realm.
+/// @param emmSupport The EMM support string.
++ (OIDTokenRequest *)accessTokenRequestWithAuthState:(OIDAuthState *)authState
+                                      serverClientID:(nullable NSString *)serverClientID
+                                         openIDRealm:(nullable NSString *)openIDRealm
+                                          emmSupport:(nullable NSString *)emmSupport;
 
 /// Unions granted scopes with new scopes or returns an error if the new scopes are the subset of
 /// the granted scopes.

GoogleSignIn/Sources/GIDAuthorizationUtil.m

@@ -33,9 +33,8 @@ NS_ASSUME_NONNULL_BEGIN
 
 @implementation GIDAuthorizationUtil
 
-+ (OIDAuthorizationRequest *)
-    authorizationRequestWithOptions:(GIDSignInInternalOptions *)options
-                         emmSupport:(nullable NSString *)emmSupport {
++ (OIDAuthorizationRequest *)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options
+                                                  emmSupport:(nullable NSString *)emmSupport {
   GIDSignInCallbackSchemes *schemes =
       [[GIDSignInCallbackSchemes alloc] initWithClientIdentifier:options.configuration.clientID];
   NSString *urlString = [NSString stringWithFormat:@"%@:%@",
@@ -81,6 +80,42 @@ NS_ASSUME_NONNULL_BEGIN
   return request;
 }
 
++ (OIDTokenRequest *)accessTokenRequestWithAuthState:(OIDAuthState *)authState
+                                      serverClientID:(nullable NSString *)serverClientID
+                                         openIDRealm:(nullable NSString *)openIDRealm
+                                          emmSupport:(nullable NSString *)emmSupport {
+  NSMutableDictionary<NSString *, NSString *> *additionalParameters = [@{} mutableCopy];
+  if (serverClientID) {
+    additionalParameters[kAudienceParameter] = serverClientID;
+  }
+  if (openIDRealm) {
+    additionalParameters[kOpenIDRealmParameter] = openIDRealm;
+  }
+#if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
+  NSDictionary<NSString *, NSObject *> *params =
+      authState.lastAuthorizationResponse.additionalParameters;
+  NSString *passcodeInfoRequired = (NSString *)params[kEMMPasscodeInfoRequiredKeyName];
+  [additionalParameters addEntriesFromDictionary:
+      [GIDEMMSupport parametersWithParameters:@{}
+                                   emmSupport:emmSupport
+                       isPasscodeInfoRequired:passcodeInfoRequired.length > 0]];
+#endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
+  additionalParameters[kSDKVersionLoggingParameter] = GIDVersion();
+  additionalParameters[kEnvironmentLoggingParameter] = GIDEnvironment();
+
+  OIDTokenRequest *tokenRequest;
+  if (!authState.lastTokenResponse.accessToken &&
+      authState.lastAuthorizationResponse.authorizationCode) {
+    tokenRequest = [authState.lastAuthorizationResponse
+        tokenExchangeRequestWithAdditionalParameters:additionalParameters];
+  } else {
+    [additionalParameters
+        addEntriesFromDictionary:authState.lastTokenResponse.request.additionalParameters];
+    tokenRequest = [authState tokenRefreshRequestWithAdditionalParameters:additionalParameters];
+  }
+  return tokenRequest;
+}
+
 + (nullable NSArray<NSString *> *)
     resolvedScopesFromGrantedScoped:(NSArray<NSString *> *)scopes
                       withNewScopes:(NSArray<NSString *> *)newScopes

GoogleSignIn/Sources/GIDGoogleUser.m

@@ -42,8 +42,6 @@ static NSString *const kHostedDomainIDTokenClaimKey = @"hd";
 static NSString *const kProfileDataKey = @"profileData";
 static NSString *const kAuthStateKey = @"authState";
 
-static NSString *const kOpenIDRealmParameter = @"openid.realm";
-
 // Additional parameter names for EMM.
 static NSString *const kEMMSupportParameterName = @"emm_support";
 

GoogleSignIn/Sources/GIDSignIn.m

@@ -94,12 +94,6 @@ NSErrorDomain const kGIDSignInErrorDomain = @"com.google.GIDSignIn";
 // Keychain constants for saving state in the authentication flow.
 static NSString *const kGTMAppAuthKeychainName = @"auth";
 
-// Parameters in the callback URL coming back from browser.
-static NSString *const kAuthorizationCodeKeyName = @"code";
-static NSString *const kOAuth2ErrorKeyName = @"error";
-static NSString *const kOAuth2AccessDenied = @"access_denied";
-static NSString *const kEMMPasscodeInfoRequiredKeyName = @"emm_passcode_info_required";
-
 // Error string for unavailable keychain.
 static NSString *const kKeychainError = @"keychain error";
 
@@ -112,9 +106,6 @@ static NSString *const kAppHasRunBeforeKey = @"GID_AppHasRunBefore";
 // The delay before the new sign-in flow can be presented after the existing one is cancelled.
 static const NSTimeInterval kPresentationDelayAfterCancel = 1.0;
 
-// See b/11669751 .
-static NSString *const kOpenIDRealmParameter = @"openid.realm";
-
 // Minimum time to expiration for a restored access token.
 static const NSTimeInterval kMinimumRestoredAccessTokenTimeToExpire = 600.0;
 
@@ -668,35 +659,14 @@ static NSString *const kConfigOpenIDRealmKey = @"GIDOpenIDRealm";
         kMinimumRestoredAccessTokenTimeToExpire)) {
     return;
   }
-  NSMutableDictionary<NSString *, NSString *> *additionalParameters = [@{} mutableCopy];
-  if (_currentOptions.configuration.serverClientID) {
-    additionalParameters[kAudienceParameter] = _currentOptions.configuration.serverClientID;
-  }
-  if (_currentOptions.configuration.openIDRealm) {
-    additionalParameters[kOpenIDRealmParameter] = _currentOptions.configuration.openIDRealm;
-  }
-#if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
-  NSDictionary<NSString *, NSObject *> *params =
-      authState.lastAuthorizationResponse.additionalParameters;
-  NSString *passcodeInfoRequired = (NSString *)params[kEMMPasscodeInfoRequiredKeyName];
-  [additionalParameters addEntriesFromDictionary:
-      [GIDEMMSupport parametersWithParameters:@{}
-                                   emmSupport:authFlow.emmSupport
-                       isPasscodeInfoRequired:passcodeInfoRequired.length > 0]];
-#endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
-  additionalParameters[kSDKVersionLoggingParameter] = GIDVersion();
-  additionalParameters[kEnvironmentLoggingParameter] = GIDEnvironment();
-
-  OIDTokenRequest *tokenRequest;
-  if (!authState.lastTokenResponse.accessToken &&
-      authState.lastAuthorizationResponse.authorizationCode) {
-    tokenRequest = [authState.lastAuthorizationResponse
-        tokenExchangeRequestWithAdditionalParameters:additionalParameters];
-  } else {
-    [additionalParameters
-        addEntriesFromDictionary:authState.lastTokenResponse.request.additionalParameters];
-    tokenRequest = [authState tokenRefreshRequestWithAdditionalParameters:additionalParameters];
-  }
+  
+  NSString *serverClientID = _currentOptions.configuration.serverClientID;
+  NSString *openIDRealm = _currentOptions.configuration.openIDRealm;
+  OIDTokenRequest *tokenRequest =
+      [GIDAuthorizationUtil accessTokenRequestWithAuthState:authState
+                                             serverClientID:serverClientID
+                                                openIDRealm:openIDRealm
+                                                 emmSupport:authFlow.emmSupport];
 
   [authFlow wait];
   [OIDAuthorizationService

GoogleSignIn/Sources/GIDSignInPreferences.h

@@ -20,22 +20,23 @@ NS_ASSUME_NONNULL_BEGIN
 
 /// The name of the query parameter used for logging the SDK version.
 extern NSString *const kSDKVersionLoggingParameter;
-
 /// The name of the query parameter used for logging the Apple execution environment.
 extern NSString *const kEnvironmentLoggingParameter;
-
 /// The name of the query parameter for the token exchange endpoint.
 extern NSString *const kAudienceParameter;
-
+extern NSString *const kOpenIDRealmParameter;
 extern NSString *const kIncludeGrantedScopesParameter;
-
 extern NSString *const kLoginHintParameter;
-
 extern NSString *const kHostedDomainParameter;
 
 /// Expected path in the URL scheme to be handled.
 extern NSString *const kBrowserCallbackPath;
 
+/// Parameters in the callback URL coming back from browser.
+extern NSString *const kOAuth2ErrorKeyName;
+extern NSString *const kOAuth2AccessDenied;
+extern NSString *const kEMMPasscodeInfoRequiredKeyName;
+
 NSString* GIDVersion(void);
 
 NSString* GIDEnvironment(void);

GoogleSignIn/Sources/GIDSignInPreferences.m

@@ -23,9 +23,15 @@ NSString *const kLoginHintParameter = @"login_hint";
 NSString *const kHostedDomainParameter = @"hd";
 NSString *const kSDKVersionLoggingParameter = @"gpsdk";
 NSString *const kEnvironmentLoggingParameter = @"gidenv";
+NSString *const kOpenIDRealmParameter = @"openid.realm";
 
 NSString *const kBrowserCallbackPath = @"/oauth2callback";
 
+// Parameters in the callback URL coming back from browser.
+NSString *const kOAuth2ErrorKeyName = @"error";
+NSString *const kOAuth2AccessDenied = @"access_denied";
+NSString *const kEMMPasscodeInfoRequiredKeyName = @"emm_passcode_info_required";
+
 static NSString *const kLSOServer = @"accounts.google.com";
 static NSString *const kTokenServer = @"oauth2.googleapis.com";
 static NSString *const kUserInfoServer = @"www.googleapis.com";