Move two public methods from GIDAuthentication to GIDGoogleUser

.gitignore

@@ -5,6 +5,7 @@
 *.pbxuser
 *.mode1v3
 *.mode2v3
+*.pbxproj
 *.perspectivev3
 *.xcuserstate
 *.xcworkspace/

GoogleSignIn/Sources/GIDAuthentication_Private.h → GoogleSignIn/Sources/GIDAuthentication.h

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
+#import <Foundation/Foundation.h>
 
 #ifdef SWIFT_PACKAGE
 @import AppAuth;
@@ -26,8 +26,11 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+typedef void (^GIDAuthenticationCompletion)(OIDAuthState *_Nullable authState,
+                                            NSError *_Nullable error);
+
 // Internal methods for the class that are not part of the public API.
-@interface GIDAuthentication () <GTMAppAuthFetcherAuthorizationTokenRefreshDelegate>
+@interface GIDAuthentication : NSObject<GTMAppAuthFetcherAuthorizationTokenRefreshDelegate>
 
 // A representation of the state of the OAuth session for this instance.
 @property(nonatomic, readonly) OIDAuthState *authState;
@@ -39,6 +42,17 @@ NS_ASSUME_NONNULL_BEGIN
 
 - (instancetype)initWithAuthState:(OIDAuthState *)authState;
 
+// Gets a new authorizer for `GTLService`, `GTMSessionFetcher`, or `GTMHTTPFetcher`.
+- (id<GTMFetcherAuthorizationProtocol>)fetcherAuthorizer;
+
+// Get a OIDAuthState which contains a valid access token and a valid ID token, refreshing it first
+// if at least one token has expired or is about to expire.
+//
+// @param completion A completion block that takes a `OIDAuthState` or an error if the attempt
+//     to refresh tokens was unsuccessful.  The block will be called asynchronously on the main
+//     queue.
+- (void)doWithFreshTokens:(GIDAuthenticationCompletion)completion;
+
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 // Gets a new set of URL parameters that also contains EMM-related URL parameters if needed.
 + (NSDictionary *)parametersWithParameters:(NSDictionary *)parameters

GoogleSignIn/Sources/GIDAuthentication.m

@@ -12,9 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
-
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
 
 #import "GoogleSignIn/Sources/GIDSignInPreferences.h"
 
@@ -57,6 +55,9 @@ static NSString *const kOldIOSSystemName = @"iPhone OS";
 // New UIDevice system name for iOS.
 static NSString *const kNewIOSSystemName = @"iOS";
 
+typedef void (^GIDAuthenticationCompletion)(OIDAuthState *_Nullable authState,
+                                            NSError *_Nullable error);
+
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 
 // The specialized GTMAppAuthFetcherAuthorization delegate that handles potential EMM error
@@ -169,32 +170,6 @@ static NSString *const kNewIOSSystemName = @"iOS";
   return self;
 }
 
-#pragma mark - Public property accessors
-
-- (NSString *)clientID {
-  return _authState.lastAuthorizationResponse.request.clientID;
-}
-
-- (NSString *)accessToken {
-  return _authState.lastTokenResponse.accessToken;
-}
-
-- (NSDate *)accessTokenExpirationDate {
-  return _authState.lastTokenResponse.accessTokenExpirationDate;
-}
-
-- (NSString *)refreshToken {
-  return _authState.refreshToken;
-}
-
-- (nullable NSString *)idToken {
-  return _authState.lastTokenResponse.idToken;
-}
-
-- (nullable NSDate *)idTokenExpirationDate {
-  return [[[OIDIDToken alloc] initWithIDTokenString:self.idToken] expiresAt];
-}
-
 #pragma mark - Private property accessors
 
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
@@ -220,10 +195,14 @@ static NSString *const kNewIOSSystemName = @"iOS";
 }
 
 - (void)doWithFreshTokens:(GIDAuthenticationCompletion)completion {
-  if (!([self.accessTokenExpirationDate timeIntervalSinceNow] < kMinimalTimeToExpire ||
-      (self.idToken && [self.idTokenExpirationDate timeIntervalSinceNow] < kMinimalTimeToExpire))) {
+  NSDate *accessTokenExpirationDate = _authState.lastTokenResponse.accessTokenExpirationDate;
+  NSString *idToken = _authState.lastTokenResponse.idToken;
+  NSDate *idTokenExpirationDate = [[[OIDIDToken alloc] initWithIDTokenString:idToken] expiresAt];
+  
+  if (!([accessTokenExpirationDate timeIntervalSinceNow] < kMinimalTimeToExpire ||
+      (idToken && [idTokenExpirationDate timeIntervalSinceNow] < kMinimalTimeToExpire))) {
     dispatch_async(dispatch_get_main_queue(), ^{
-      completion(self, nil);
+      completion(self->_authState, nil);
     });
     return;
   }
@@ -255,15 +234,7 @@ static NSString *const kNewIOSSystemName = @"iOS";
                                       callback:^(OIDTokenResponse *_Nullable tokenResponse,
                                                  NSError *_Nullable error) {
     if (tokenResponse) {
-      [self willChangeValueForKey:NSStringFromSelector(@selector(accessToken))];
-      [self willChangeValueForKey:NSStringFromSelector(@selector(accessTokenExpirationDate))];
-      [self willChangeValueForKey:NSStringFromSelector(@selector(idToken))];
-      [self willChangeValueForKey:NSStringFromSelector(@selector(idTokenExpirationDate))];
       [self->_authState updateWithTokenResponse:tokenResponse error:nil];
-      [self didChangeValueForKey:NSStringFromSelector(@selector(accessToken))];
-      [self didChangeValueForKey:NSStringFromSelector(@selector(accessTokenExpirationDate))];
-      [self didChangeValueForKey:NSStringFromSelector(@selector(idToken))];
-      [self didChangeValueForKey:NSStringFromSelector(@selector(idTokenExpirationDate))];
     } else {
       if (error.domain == OIDOAuthTokenErrorDomain) {
         [self->_authState updateWithAuthorizationError:error];
@@ -279,7 +250,7 @@ static NSString *const kNewIOSSystemName = @"iOS";
       }
       for (GIDAuthenticationCompletion completion in authenticationHandlerQueue) {
         dispatch_async(dispatch_get_main_queue(), ^{
-          completion(error ? nil : self, error);
+          completion(error ? nil : self->_authState, error);
         });
       }
     }];
@@ -291,7 +262,7 @@ static NSString *const kNewIOSSystemName = @"iOS";
     }
     for (GIDAuthenticationCompletion completion in authenticationHandlerQueue) {
       dispatch_async(dispatch_get_main_queue(), ^{
-        completion(error ? nil : self, error);
+        completion(error ? nil : self->_authState, error);
       });
     }
 #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST

GoogleSignIn/Sources/GIDGoogleUser.m

@@ -18,7 +18,7 @@
 
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDConfiguration.h"
 
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/GIDProfileData_Private.h"
 #import "GoogleSignIn/Sources/GIDToken_Private.h"
 
@@ -135,6 +135,22 @@ NS_ASSUME_NONNULL_BEGIN
   return _cachedIdToken;
 }
 
+- (id<GTMFetcherAuthorizationProtocol>) fetcherAuthorizer {
+  return [_authentication fetcherAuthorizer];
+}
+
+- (void)doWithFreshTokens:(void (^)(GIDGoogleUser *_Nullable user,
+                                    NSError *_Nullable error))completion {
+  [_authentication doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
+    if (authState) {
+      [self updateAuthState:authState];
+      completion(self, error);
+    } else {
+      completion(nil, error);
+    }
+  }];
+}
+
 #pragma mark - Private Methods
 
 - (instancetype)initWithAuthState:(OIDAuthState *)authState
@@ -148,15 +164,19 @@ NS_ASSUME_NONNULL_BEGIN
 
 - (void)updateAuthState:(OIDAuthState *)authState
             profileData:(nullable GIDProfileData *)profileData {
-  @synchronized(self) {
-    _authState = authState;
-    _authentication = [[GIDAuthentication alloc] initWithAuthState:authState];
-    _profile = profileData;
-    
-    // These three tokens will be generated in the getter and cached .
-    _cachedAccessToken = nil;
-    _cachedRefreshToken = nil;
-    _cachedIdToken = nil;
+  _profile = profileData;
+  [self updateAuthState:authState];
+}
+
+- (void)updateAuthState:(OIDAuthState *)authState {
+    @synchronized(self) {
+      _authState = authState;
+      _authentication = [[GIDAuthentication alloc] initWithAuthState:authState];
+      
+      // These three tokens will be generated in the getter and cached .
+      _cachedAccessToken = nil;
+      _cachedRefreshToken = nil;
+      _cachedIdToken = nil;
   }
 }
 

GoogleSignIn/Sources/GIDGoogleUser_Private.h

@@ -16,6 +16,8 @@
 
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDGoogleUser.h"
 
+@class GIDAuthentication;
+
 NS_ASSUME_NONNULL_BEGIN
 
 @class OIDAuthState;
@@ -23,6 +25,9 @@ NS_ASSUME_NONNULL_BEGIN
 // Internal methods for the class that are not part of the public API.
 @interface GIDGoogleUser ()
 
+/// The authentication object for the user.
+@property(nonatomic, readonly) GIDAuthentication *authentication;
+
 // Create a object with an auth state, scopes, and profile data.
 - (instancetype)initWithAuthState:(OIDAuthState *)authState
                       profileData:(nullable GIDProfileData *)profileData;

GoogleSignIn/Sources/GIDSignIn.m

@@ -16,12 +16,12 @@
 
 #import "GoogleSignIn/Sources/GIDSignIn_Private.h"
 
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDConfiguration.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDGoogleUser.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDProfileData.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDUserAuth.h"
 
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/GIDSignInInternalOptions.h"
 #import "GoogleSignIn/Sources/GIDSignInPreferences.h"
 #import "GoogleSignIn/Sources/GIDCallbackQueue.h"
@@ -32,7 +32,7 @@
 #import "GoogleSignIn/Sources/GIDEMMErrorHandler.h"
 #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
+
 #import "GoogleSignIn/Sources/GIDGoogleUser_Private.h"
 #import "GoogleSignIn/Sources/GIDProfileData_Private.h"
 #import "GoogleSignIn/Sources/GIDUserAuth_Private.h"
@@ -536,7 +536,7 @@ static const NSTimeInterval kMinimumRestoredAccessTokenTimeToExpire = 600.0;
 
   // If this is a non-interactive flow, use cached authentication if possible.
   if (!options.interactive && _currentUser.authentication) {
-    [_currentUser.authentication doWithFreshTokens:^(GIDAuthentication *unused, NSError *error) {
+    [_currentUser.authentication doWithFreshTokens:^(OIDAuthState *unused, NSError *error) {
       if (error) {
         [self authenticateWithOptions:options];
       } else {

GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h

@@ -1,75 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#import <Foundation/Foundation.h>
-
-// We have to import GTMAppAuth because forward declaring the protocol does
-// not generate the `fetcherAuthorizer` method below for Swift.
-#ifdef SWIFT_PACKAGE
-@import GTMAppAuth;
-#else
-#import <GTMAppAuth/GTMAppAuthFetcherAuthorization.h>
-#endif
-
-@class GIDAuthentication;
-
-NS_ASSUME_NONNULL_BEGIN
-
-/// A completion block that takes a `GIDAuthentication` or an error if the attempt to refresh tokens
-/// was unsuccessful.
-typedef void (^GIDAuthenticationCompletion)(GIDAuthentication *_Nullable authentication,
-                                            NSError *_Nullable error);
-
-/// This class represents the OAuth 2.0 entities needed for sign-in.
-@interface GIDAuthentication : NSObject <NSSecureCoding>
-
-/// The client ID associated with the authentication.
-@property(nonatomic, readonly) NSString *clientID;
-
-/// The OAuth2 access token to access Google services.
-@property(nonatomic, readonly) NSString *accessToken;
-
-/// The estimated expiration date of the access token.
-@property(nonatomic, readonly) NSDate *accessTokenExpirationDate;
-
-/// The OAuth2 refresh token to exchange for new access tokens.
-@property(nonatomic, readonly) NSString *refreshToken;
-
-/// An OpenID Connect ID token that identifies the user. Send this token to your server to
-/// authenticate the user there. For more information on this topic, see
-/// https://developers.google.com/identity/sign-in/ios/backend-auth
-@property(nonatomic, readonly, nullable) NSString *idToken;
-
-/// The estimated expiration date of the ID token.
-@property(nonatomic, readonly, nullable) NSDate *idTokenExpirationDate;
-
-/// Gets a new authorizer for `GTLService`, `GTMSessionFetcher`, or `GTMHTTPFetcher`.
-///
-/// @return A new authorizer
-- (id<GTMFetcherAuthorizationProtocol>)fetcherAuthorizer;
-
-/// Get a valid access token and a valid ID token, refreshing them first if they have expired or are
-/// about to expire.
-///
-/// @param completion A completion block that takes a `GIDAuthentication` or an error if the attempt
-///     to refresh tokens was unsuccessful.  The block will be called asynchronously on the main
-///     queue.
-- (void)doWithFreshTokens:(GIDAuthenticationCompletion)completion;
-
-@end
-
-
-NS_ASSUME_NONNULL_END

GoogleSignIn/Sources/Public/GoogleSignIn/GIDGoogleUser.h

@@ -16,13 +16,20 @@
 
 #import <Foundation/Foundation.h>
 
-NS_ASSUME_NONNULL_BEGIN
+// We have to import GTMAppAuth because forward declaring the protocol does
+// not generate the `fetcherAuthorizer` method below for Swift.
+#ifdef SWIFT_PACKAGE
+@import GTMAppAuth;
+#else
+#import <GTMAppAuth/GTMAppAuthFetcherAuthorization.h>
+#endif
 
-@class GIDAuthentication;
 @class GIDConfiguration;
 @class GIDToken;
 @class GIDProfileData;
 
+NS_ASSUME_NONNULL_BEGIN
+
 /// This class represents a user account.
 @interface GIDGoogleUser : NSObject <NSSecureCoding>
 
@@ -32,9 +39,6 @@ NS_ASSUME_NONNULL_BEGIN
 /// Representation of basic profile data for the user.
 @property(nonatomic, readonly, nullable) GIDProfileData *profile;
 
-/// The authentication object for the user.
-@property(nonatomic, readonly) GIDAuthentication *authentication;
-
 /// The API scopes granted to the app in an array of `NSString`.
 @property(nonatomic, readonly, nullable) NSArray<NSString *> *grantedScopes;
 
@@ -53,6 +57,20 @@ NS_ASSUME_NONNULL_BEGIN
 /// see https://developers.google.com/identity/sign-in/ios/backend-auth.
 @property(nonatomic, readonly, nullable) GIDToken *idToken;
 
+/// Gets a new authorizer for `GTLService`, `GTMSessionFetcher`, or `GTMHTTPFetcher`.
+///
+/// @return A new authorizer
+- (id<GTMFetcherAuthorizationProtocol>) fetcherAuthorizer;
+
+/// Get a valid access token and a valid ID token, refreshing them first if they have expired or are
+/// about to expire.
+///
+/// @param completion A completion block that takes a `GIDGoogleUser` or an error if the attempt
+///     to refresh tokens was unsuccessful.  The block will be called asynchronously on the main
+///     queue.
+- (void)doWithFreshTokens:(void (^)(GIDGoogleUser *_Nullable user,
+                                    NSError *_Nullable error))completion;
+
 @end
 
 NS_ASSUME_NONNULL_END

GoogleSignIn/Sources/Public/GoogleSignIn/GoogleSignIn.h

@@ -15,7 +15,6 @@
  */
 #import <TargetConditionals.h>
 
-#import "GIDAuthentication.h"
 #import "GIDConfiguration.h"
 #import "GIDGoogleUser.h"
 #import "GIDProfileData.h"

GoogleSignIn/Tests/Unit/GIDAuthentication+Testing.h

@@ -1,25 +0,0 @@
-/*
- * Copyright 2021 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
-
-@interface GIDAuthentication (Testing)
-
-- (BOOL)isEqual:(id)object;
-- (BOOL)isEqualToAuthentication:(GIDAuthentication *)other;
-- (NSUInteger)hash;
-
-@end

GoogleSignIn/Tests/Unit/GIDAuthentication+Testing.m

@@ -1,46 +0,0 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#import "GoogleSignIn/Tests/Unit/GIDAuthentication+Testing.h"
-
-@implementation GIDAuthentication (Testing)
-
-- (BOOL)isEqual:(id)object {
-  if (self == object) {
-    return YES;
-  }
-  if (![object isKindOfClass:[GIDAuthentication class]]) {
-    return NO;
-  }
-  return [self isEqualToAuthentication:(GIDAuthentication *)object];
-}
-
-- (BOOL)isEqualToAuthentication:(GIDAuthentication *)other {
-  return [self.clientID isEqual:other.clientID] &&
-      [self.accessToken isEqual:other.accessToken] &&
-      [self.accessTokenExpirationDate isEqual:other.accessTokenExpirationDate] &&
-      [self.refreshToken isEqual:other.refreshToken] &&
-      (self.idToken == other.idToken || [self.idToken isEqual:other.idToken]) &&
-      (self.idTokenExpirationDate == other.idTokenExpirationDate ||
-          [self.idTokenExpirationDate isEqual:other.idTokenExpirationDate]);
-}
-
-// Not the hash implemention you want to use on prod, but just to match |isEqual:| here.
-- (NSUInteger)hash {
-  return [self.clientID hash] ^ [self.accessToken hash] ^ [self.accessTokenExpirationDate hash] ^
-      [self.refreshToken hash] ^ [self.idToken hash] ^ [self.idTokenExpirationDate hash];
-}
-
-@end
-

GoogleSignIn/Tests/Unit/GIDAuthenticationTest.m

@@ -14,10 +14,10 @@
 
 #import <XCTest/XCTest.h>
 
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
+
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDSignIn.h"
 
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
 #import "GoogleSignIn/Sources/GIDEMMErrorHandler.h"
 #import "GoogleSignIn/Sources/GIDMDMPasscodeState.h"
 #import "GoogleSignIn/Sources/GIDSignInPreferences.h"
@@ -64,38 +64,6 @@ static NSString *const kOldIOSName = @"iPhone OS";
 // The system name in new iOS versions.
 static NSString *const kNewIOSName = @"iOS";
 
-// List of observed properties of the class being tested.
-static NSString *const kObservedProperties[] = {
-  @"accessToken",
-  @"accessTokenExpirationDate",
-  @"idToken",
-  @"idTokenExpirationDate"
-};
-static const NSUInteger kNumberOfObservedProperties =
-    sizeof(kObservedProperties) / sizeof(*kObservedProperties);
-
-// Bit position for notification change type bitmask flags.
-// Must match the list of observed properties above.
-typedef NS_ENUM(NSUInteger, ChangeType) {
-  kChangeTypeAccessTokenPrior,
-  kChangeTypeAccessToken,
-  kChangeTypeAccessTokenExpirationDatePrior,
-  kChangeTypeAccessTokenExpirationDate,
-  kChangeTypeIDTokenPrior,
-  kChangeTypeIDToken,
-  kChangeTypeIDTokenExpirationDatePrior,
-  kChangeTypeIDTokenExpirationDate,
-  kChangeTypeEnd  // not a real change type but an end mark for calculating |kChangeAll|
-};
-
-static const NSUInteger kChangeNone = 0u;
-static const NSUInteger kChangeAll = (1u << kChangeTypeEnd) - 1u;
-
-#if __has_feature(c_static_assert) || __has_extension(c_static_assert)
-_Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObservedProperties)) * 2,
-               "List of observed properties must match list of change notification enums");
-#endif
-
 @interface GIDAuthenticationTest : XCTestCase
 @end
 
@@ -118,12 +86,6 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   // The saved token request.
   OIDTokenRequest *_tokenRequest;
 
-  // All GIDAuthentication objects that are observed.
-  NSMutableArray *_observedAuths;
-
-  // Bitmask flags for observed changes, as specified in |ChangeType|.
-  NSUInteger _changesObserved;
-
   // The fake system name used for testing.
   NSString *_fakeSystemName;
 }
@@ -149,8 +111,6 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
     self->_tokenRequest = [request copy];
     return nil;
   }];
-  _observedAuths = [[NSMutableArray alloc] init];
-  _changesObserved = 0;
   _fakeSystemName = kNewIOSName;
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
   [GULSwizzler swizzleClass:[UIDevice class]
@@ -168,45 +128,11 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   [GULSwizzler unswizzleClass:[UIDevice class]
                      selector:@selector(systemName)
               isClassSelector:NO];
-#endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
-  for (GIDAuthentication *auth in _observedAuths) {
-    for (unsigned int i = 0; i < kNumberOfObservedProperties; ++i) {
-      [auth removeObserver:self forKeyPath:kObservedProperties[i]];
-    }
-  }
-  _observedAuths = nil;
+#endif
 }
 
 #pragma mark - Tests
 
-- (void)testInitWithAuthState {
-  OIDAuthState *authState = [OIDAuthState testInstance];
-  GIDAuthentication *auth = [[GIDAuthentication alloc] initWithAuthState:authState];
-
-  XCTAssertEqualObjects(auth.clientID, authState.lastAuthorizationResponse.request.clientID);
-  XCTAssertEqualObjects(auth.accessToken, authState.lastTokenResponse.accessToken);
-  XCTAssertEqualObjects(auth.accessTokenExpirationDate,
-                        authState.lastTokenResponse.accessTokenExpirationDate);
-  XCTAssertEqualObjects(auth.refreshToken, authState.refreshToken);
-  XCTAssertEqualObjects(auth.idToken, authState.lastTokenResponse.idToken);
-  OIDIDToken *idToken = [[OIDIDToken alloc]
-      initWithIDTokenString:authState.lastTokenResponse.idToken];
-  XCTAssertEqualObjects(auth.idTokenExpirationDate, [idToken expiresAt]);
-}
-
-- (void)testInitWithAuthStateNoIDToken {
-  OIDAuthState *authState = [OIDAuthState testInstanceWithIDToken:nil];
-  GIDAuthentication *auth = [[GIDAuthentication alloc] initWithAuthState:authState];
-
-  XCTAssertEqualObjects(auth.clientID, authState.lastAuthorizationResponse.request.clientID);
-  XCTAssertEqualObjects(auth.accessToken, authState.lastTokenResponse.accessToken);
-  XCTAssertEqualObjects(auth.accessTokenExpirationDate,
-                        authState.lastTokenResponse.accessTokenExpirationDate);
-  XCTAssertEqualObjects(auth.refreshToken, authState.refreshToken);
-  XCTAssertNil(auth.idToken);
-  XCTAssertNil(auth.idTokenExpirationDate);
-}
-
 - (void)testAuthState {
   OIDAuthState *authState = [OIDAuthState testInstance];
   GIDAuthentication *auth = [[GIDAuthentication alloc] initWithAuthState:authState];
@@ -215,31 +141,6 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   XCTAssertEqual(authState, authStateReturned);
 }
 
-- (void)testCoding {
-  if (@available(iOS 11, macOS 10.13, *)) {
-    GIDAuthentication *auth = [self auth];
-    NSData *data = [NSKeyedArchiver archivedDataWithRootObject:auth requiringSecureCoding:YES error:nil];
-    GIDAuthentication *newAuth = [NSKeyedUnarchiver unarchivedObjectOfClass:[GIDAuthentication class]
-                                                                   fromData:data
-                                                                      error:nil];
-    XCTAssertEqualObjects(auth, newAuth);
-    XCTAssertTrue([GIDAuthentication supportsSecureCoding]);
-  } else {
-    XCTSkip(@"Required API is not available for this test.");
-  }
-}
-
-#if TARGET_OS_IOS || TARGET_OS_MACCATALYST
-// Deprecated in iOS 13 and macOS 10.14
-- (void)testLegacyCoding {
-  GIDAuthentication *auth = [self auth];
-  NSData *data = [NSKeyedArchiver archivedDataWithRootObject:auth];
-  GIDAuthentication *newAuth = [NSKeyedUnarchiver unarchiveObjectWithData:data];
-  XCTAssertEqualObjects(auth, newAuth);
-  XCTAssertTrue([GIDAuthentication supportsSecureCoding]);
-}
-#endif // TARGET_OS_IOS || TARGET_OS_MACCATALYST
-
 - (void)testFetcherAuthorizer {
   // This is really hard to test without assuming how GTMAppAuthFetcherAuthorization works
   // internally, so let's just take the shortcut here by asserting we get a
@@ -288,37 +189,37 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
 
 - (void)testDoWithFreshTokensError {
   [self setTokensExpireTime:-10];  // expired 10 seconds ago
-  GIDAuthentication *auth = [self observedAuth];
+  GIDAuthentication *auth = [self auth];
   XCTestExpectation *expectation = [self expectationWithDescription:@"Callback is called"];
-  [auth doWithFreshTokens:^(GIDAuthentication *authentication, NSError *error) {
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
     [expectation fulfill];
-    XCTAssertNil(authentication);
+    XCTAssertNil(authState);
     XCTAssertNotNil(error);
   }];
   _tokenFetchHandler(nil, [self fakeError]);
   [self waitForExpectationsWithTimeout:1 handler:nil];
-  [self assertOldTokensInAuth:auth];
+  [self assertOldTokensInAuth:auth.authState];
 }
 
 - (void)testDoWithFreshTokensQueue {
-  GIDAuthentication *auth = [self observedAuth];
+  GIDAuthentication *auth = [self auth];
   XCTestExpectation *firstExpectation =
       [self expectationWithDescription:@"First callback is called"];
-  [auth doWithFreshTokens:^(GIDAuthentication *authentication, NSError *error) {
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
     [firstExpectation fulfill];
-    [self assertNewTokensInAuth:authentication];
+    [self assertNewTokensInAuth:authState];
     XCTAssertNil(error);
   }];
   XCTestExpectation *secondExpectation =
       [self expectationWithDescription:@"Second callback is called"];
-  [auth doWithFreshTokens:^(GIDAuthentication *authentication, NSError *error) {
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
     [secondExpectation fulfill];
-    [self assertNewTokensInAuth:authentication];
+    [self assertNewTokensInAuth:authState];
     XCTAssertNil(error);
   }];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   [self waitForExpectationsWithTimeout:1 handler:nil];
-  [self assertNewTokensInAuth:auth];
+  [self assertNewTokensInAuth:auth.authState];
 }
 
 #pragma mark - EMM Support
@@ -330,8 +231,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
     @"emm_support" : @"xyz",
   };
   GIDAuthentication *auth = [self auth];
-  [auth doWithFreshTokens:^(GIDAuthentication * _Nonnull authentication,
-                            NSError * _Nullable error) {}];
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error){}];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   NSDictionary *expectedParameters = @{
     @"emm_support" : @"xyz",
@@ -350,7 +250,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
     @"emm_support" : @"xyz",
   };
   GIDAuthentication *auth = [self auth];
-  [auth doWithFreshTokens:^(GIDAuthentication * _Nonnull authentication,
+  [auth doWithFreshTokens:^(OIDAuthState * _Nonnull authState,
                             NSError * _Nullable error) {}];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   NSDictionary *expectedParameters = @{
@@ -371,7 +271,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
     @"emm_passcode_info" : @"something",
   };
   GIDAuthentication *auth = [self auth];
-  [auth doWithFreshTokens:^(GIDAuthentication * _Nonnull authentication,
+  [auth doWithFreshTokens:^(OIDAuthState * _Nonnull authState,
                             NSError * _Nullable error) {}];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   NSDictionary *expectedParameters = @{
@@ -409,10 +309,10 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   XCTestExpectation *notCalled = [self expectationWithDescription:@"Callback is not called"];
   notCalled.inverted = YES;
   XCTestExpectation *called = [self expectationWithDescription:@"Callback is called"];
-  [auth doWithFreshTokens:^(GIDAuthentication *authentication, NSError *error) {
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
     [notCalled fulfill];
     [called fulfill];
-    XCTAssertNil(authentication);
+    XCTAssertNil(authState);
     XCTAssertEqualObjects(error.domain, kGIDSignInErrorDomain);
     XCTAssertEqual(error.code, kGIDSignInErrorCodeEMM);
   }];
@@ -424,7 +324,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   [self waitForExpectations:@[ notCalled ] timeout:1];
   completion();
   [self waitForExpectations:@[ called ] timeout:1];
-  [self assertOldTokensInAuth:auth];
+  [self assertOldTokensInAuth:auth.authState];
 }
 
 - (void)testNonEMMError {
@@ -450,10 +350,10 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   XCTestExpectation *notCalled = [self expectationWithDescription:@"Callback is not called"];
   notCalled.inverted = YES;
   XCTestExpectation *called = [self expectationWithDescription:@"Callback is called"];
-  [auth doWithFreshTokens:^(GIDAuthentication *authentication, NSError *error) {
+  [auth doWithFreshTokens:^(OIDAuthState *authState, NSError *error) {
     [notCalled fulfill];
     [called fulfill];
-    XCTAssertNil(authentication);
+    XCTAssertNil(authState);
     XCTAssertEqualObjects(error.domain, @"anydomain");
     XCTAssertEqual(error.code, 12345);
   }];
@@ -465,7 +365,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   [self waitForExpectations:@[ notCalled ] timeout:1];
   completion();
   [self waitForExpectations:@[ called ] timeout:1];
-  [self assertOldTokensInAuth:auth];
+  [self assertOldTokensInAuth:auth.authState];
 }
 
 - (void)testCodingPreserveEMMParameters {
@@ -476,7 +376,7 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   };
   NSData *data = [NSKeyedArchiver archivedDataWithRootObject:[self auth]];
   GIDAuthentication *auth = [NSKeyedUnarchiver unarchiveObjectWithData:data];
-  [auth doWithFreshTokens:^(GIDAuthentication * _Nonnull authentication,
+  [auth doWithFreshTokens:^(OIDAuthState * _Nonnull authState,
                             NSError * _Nullable error) {}];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   NSDictionary *expectedParameters = @{
@@ -493,59 +393,6 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
 
 #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 
-#pragma mark - NSKeyValueObserving
-
-- (void)observeValueForKeyPath:(NSString *)keyPath
-                      ofObject:(id)object
-                        change:(NSDictionary *)change
-                       context:(void *)context {
-  GIDAuthentication *auth = (GIDAuthentication *)object;
-  ChangeType changeType;
-  if ([keyPath isEqualToString:@"accessToken"]) {
-    if (change[NSKeyValueChangeNotificationIsPriorKey]) {
-      XCTAssertEqualObjects(auth.accessToken, kAccessToken);
-      changeType = kChangeTypeAccessTokenPrior;
-    } else {
-      XCTAssertEqualObjects(auth.accessToken, kNewAccessToken);
-      changeType = kChangeTypeAccessToken;
-    }
-  } else if ([keyPath isEqualToString:@"accessTokenExpirationDate"]) {
-    if (change[NSKeyValueChangeNotificationIsPriorKey]) {
-      [self assertDate:auth.accessTokenExpirationDate equalTime:_accessTokenExpireTime];
-      changeType = kChangeTypeAccessTokenExpirationDatePrior;
-    } else {
-      [self assertDate:auth.accessTokenExpirationDate equalTime:kNewExpireTime];
-      changeType = kChangeTypeAccessTokenExpirationDate;
-    }
-  } else if ([keyPath isEqualToString:@"idToken"]) {
-    if (change[NSKeyValueChangeNotificationIsPriorKey]) {
-      XCTAssertEqualObjects(auth.idToken, [self idToken]);
-      changeType = kChangeTypeIDTokenPrior;
-    } else {
-      XCTAssertEqualObjects(auth.idToken, [self idTokenNew]);
-      changeType = kChangeTypeIDToken;
-    }
-  } else if ([keyPath isEqualToString:@"idTokenExpirationDate"]) {
-    if (change[NSKeyValueChangeNotificationIsPriorKey]) {
-      if (_hasIDToken) {
-        [self assertDate:auth.idTokenExpirationDate equalTime:_idTokenExpireTime];
-      }
-      changeType = kChangeTypeIDTokenExpirationDatePrior;
-    } else {
-      if (_hasIDToken) {
-        [self assertDate:auth.idTokenExpirationDate equalTime:kNewExpireTime2];
-      }
-      changeType = kChangeTypeIDTokenExpirationDate;
-    }
-  } else {
-    XCTFail(@"unexpected keyPath");
-    return;  // so compiler knows |changeType| is always assigned
-  }
-  NSUInteger changeMask = 1u << changeType;
-  XCTAssertFalse(_changesObserved & changeMask);  // each change type should only fire once
-  _changesObserved |= changeMask;
-}
-
 #pragma mark - Helpers
 
 - (GIDAuthentication *)auth {
@@ -578,19 +425,6 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   return [self idTokenWithExpireTime:kNewExpireTime2];
 }
 
-// Return the auth object that has certain property changes observed.
-- (GIDAuthentication *)observedAuth {
-  GIDAuthentication *auth = [self auth];
-  for (unsigned int i = 0; i < kNumberOfObservedProperties; ++i) {
-    [auth addObserver:self
-           forKeyPath:kObservedProperties[i]
-              options:NSKeyValueObservingOptionPrior
-              context:NULL];
-  }
-  [_observedAuths addObject:auth];
-  return auth;
-}
-
 - (OIDTokenResponse *)tokenResponseWithNewTokens {
   NSNumber *expiresIn = @(kNewExpireTime - [NSDate timeIntervalSinceReferenceDate]);
   return [OIDTokenResponse testInstanceWithIDToken:(_hasIDToken ? [self idTokenNew] : nil)
@@ -607,31 +441,29 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
   XCTAssertEqualWithAccuracy([date timeIntervalSinceReferenceDate], time, kTimeAccuracy);
 }
 
-- (void)assertOldAccessTokenInAuth:(GIDAuthentication *)auth {
-  XCTAssertEqualObjects(auth.accessToken, kAccessToken);
-  [self assertDate:auth.accessTokenExpirationDate equalTime:_accessTokenExpireTime];
-  XCTAssertEqual(_changesObserved, kChangeNone);
+- (void)assertOldAccessTokenInAuth:(OIDAuthState *)auth {
+  XCTAssertEqualObjects([self accessTokenString:auth], kAccessToken);
+  [self assertDate:[self accessTokenExpirationDate:auth] equalTime:_accessTokenExpireTime];
 }
 
-- (void)assertNewAccessTokenInAuth:(GIDAuthentication *)auth {
-  XCTAssertEqualObjects(auth.accessToken, kNewAccessToken);
-  [self assertDate:auth.accessTokenExpirationDate equalTime:kNewExpireTime];
-  XCTAssertEqual(_changesObserved, kChangeAll);
+- (void)assertNewAccessTokenInAuth:(OIDAuthState *)auth {
+  XCTAssertEqualObjects([self accessTokenString:auth], kNewAccessToken);
+  [self assertDate:[self accessTokenExpirationDate:auth] equalTime:kNewExpireTime];
 }
 
-- (void)assertOldTokensInAuth:(GIDAuthentication *)auth {
+- (void)assertOldTokensInAuth:(OIDAuthState *)auth {
   [self assertOldAccessTokenInAuth:auth];
-  XCTAssertEqualObjects(auth.idToken, [self idToken]);
+  XCTAssertEqualObjects([self idTokenString:auth], [self idToken]);
   if (_hasIDToken) {
-    [self assertDate:auth.idTokenExpirationDate equalTime:_idTokenExpireTime];
+    [self assertDate:[self idTokenExpirationDate:auth] equalTime:_idTokenExpireTime];
   }
 }
 
-- (void)assertNewTokensInAuth:(GIDAuthentication *)auth {
+- (void)assertNewTokensInAuth:(OIDAuthState *)auth {
   [self assertNewAccessTokenInAuth:auth];
-  XCTAssertEqualObjects(auth.idToken, [self idTokenNew]);
+  XCTAssertEqualObjects([self idTokenString:auth], [self idTokenNew]);
   if (_hasIDToken) {
-    [self assertDate:auth.idTokenExpirationDate equalTime:kNewExpireTime2];
+    [self assertDate:[self idTokenExpirationDate:auth] equalTime:kNewExpireTime2];
   }
 }
 
@@ -645,37 +477,63 @@ _Static_assert(kChangeTypeEnd == (sizeof(kObservedProperties) / sizeof(*kObserve
 }
 
 - (void)verifyTokensRefreshedWithMethod:(SEL)sel {
-  GIDAuthentication *auth = [self observedAuth];
+  GIDAuthentication *auth = [self auth];
   XCTestExpectation *expectation = [self expectationWithDescription:@"Callback is called"];
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Warc-performSelector-leaks"
   // We know the method doesn't return anything, so there is no risk of leaking.
-  [auth performSelector:sel withObject:^(GIDAuthentication *authentication, NSError *error) {
+  [auth performSelector:sel withObject:^(OIDAuthState *authState, NSError *error) {
 #pragma clang diagnostic pop
     [expectation fulfill];
-    [self assertNewTokensInAuth:authentication];
+    [self assertNewTokensInAuth:authState];
     XCTAssertNil(error);
   }];
   _tokenFetchHandler([self tokenResponseWithNewTokens], nil);
   [self waitForExpectationsWithTimeout:1 handler:nil];
-  [self assertNewTokensInAuth:auth];
+  [self assertNewTokensInAuth:auth.authState];
 }
 
 - (void)verifyTokensNotRefreshedWithMethod:(SEL)sel {
-  GIDAuthentication *auth = [self observedAuth];
+  GIDAuthentication *auth = [self auth];
   XCTestExpectation *expectation = [self expectationWithDescription:@"Callback is called"];
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Warc-performSelector-leaks"
   // We know the method doesn't return anything, so there is no risk of leaking.
-  [auth performSelector:sel withObject:^(GIDAuthentication *authentication, NSError *error) {
+  [auth performSelector:sel withObject:^(OIDAuthState *authState, NSError *error) {
 #pragma clang diagnostic pop
     [expectation fulfill];
-    [self assertOldTokensInAuth:authentication];
+    [self assertOldTokensInAuth:authState];
     XCTAssertNil(error);
   }];
   XCTAssertNil(_tokenFetchHandler);
   [self waitForExpectationsWithTimeout:1 handler:nil];
-  [self assertOldTokensInAuth:auth];
+  [self assertOldTokensInAuth:auth.authState];
+}
+
+#pragma mark - Parse OIDAuthState
+
+- (NSString *)accessTokenString:(OIDAuthState *)authState {
+  return authState.lastTokenResponse.accessToken;
+}
+
+- (NSDate *)accessTokenExpirationDate:(OIDAuthState *)authState {
+  return authState.lastTokenResponse.accessTokenExpirationDate;
+}
+
+- (NSString *)refreshTokenString:(OIDAuthState *)authState {
+  return authState.refreshToken;
+}
+
+- (nullable NSString *)idTokenString:(OIDAuthState *)authState {
+  return authState.lastTokenResponse.idToken;
+}
+
+- (nullable NSDate *)idTokenExpirationDate:(OIDAuthState *)authState {
+  NSString *idTokenString = [self idTokenString:authState];
+  if (!idTokenString) {
+    return nil;
+  }
+  return [[[OIDIDToken alloc] initWithIDTokenString:idTokenString] expiresAt];
 }
 
 @end

GoogleSignIn/Tests/Unit/GIDGoogleUser+Testing.m

@@ -17,7 +17,6 @@
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDConfiguration.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDToken.h"
 
-#import "GoogleSignIn/Tests/Unit/GIDAuthentication+Testing.h"
 #import "GoogleSignIn/Tests/Unit/GIDConfiguration+Testing.h"
 #import "GoogleSignIn/Tests/Unit/GIDProfileData+Testing.h"
 
@@ -34,8 +33,7 @@
 }
 
 - (BOOL)isEqualToGoogleUser:(GIDGoogleUser *)other {
-  return [self.authentication isEqual:other.authentication] &&
-      [self.userID isEqual:other.userID] &&
+  return [self.userID isEqual:other.userID] &&
       [self.profile isEqual:other.profile] &&
       [self.configuration isEqual:other.configuration] &&
       [self.idToken isEqual:other.idToken] &&
@@ -45,7 +43,7 @@
 
 // Not the hash implemention you want to use on prod, but just to match |isEqual:| here.
 - (NSUInteger)hash {
-  return [self.authentication hash] ^ [self.userID hash] ^ [self.configuration hash] ^
+  return [self.userID hash] ^ [self.configuration hash] ^
       [self.profile hash] ^ [self.idToken hash] ^ [self.refreshToken hash] ^
       [self.accessToken hash];
 }

GoogleSignIn/Tests/Unit/GIDGoogleUserTest.m

@@ -16,12 +16,11 @@
 
 #import <XCTest/XCTest.h>
 
-#import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDConfiguration.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDProfileData.h"
 #import "GoogleSignIn/Sources/Public/GoogleSignIn/GIDToken.h"
 
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/GIDGoogleUser_Private.h"
 #import "GoogleSignIn/Tests/Unit/GIDProfileData+Testing.h"
 #import "GoogleSignIn/Tests/Unit/OIDAuthState+Testing.h"
@@ -45,10 +44,6 @@
   OIDAuthState *authState = [OIDAuthState testInstance];
   GIDGoogleUser *user = [[GIDGoogleUser alloc] initWithAuthState:authState
                                                      profileData:[GIDProfileData testInstance]];
-  GIDAuthentication *authentication =
-      [[GIDAuthentication alloc] initWithAuthState:authState];
-
-  XCTAssertEqualObjects(user.authentication, authentication);
   XCTAssertEqualObjects(user.grantedScopes, @[ OIDAuthorizationRequestTestingScope2 ]);
   XCTAssertEqualObjects(user.userID, kUserID);
   XCTAssertEqualObjects(user.configuration.hostedDomain, kHostedDomain);

GoogleSignIn/Tests/Unit/GIDSignInTest.m

@@ -26,10 +26,10 @@
 // Test module imports
 @import GoogleSignIn;
 
+#import "GoogleSignIn/Sources/GIDAuthentication.h"
 #import "GoogleSignIn/Sources/GIDGoogleUser_Private.h"
 #import "GoogleSignIn/Sources/GIDSignIn_Private.h"
 #import "GoogleSignIn/Sources/GIDSignInPreferences.h"
-#import "GoogleSignIn/Sources/GIDAuthentication_Private.h"
 
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 #import "GoogleSignIn/Sources/GIDEMMErrorHandler.h"
@@ -1233,6 +1233,7 @@ static void *kTestObserverContext = &kTestObserverContext;
     XCTestExpectation *expectation = [self expectationWithDescription:@"Callback called"];
     GIDUserAuthCompletion completion =
         ^(GIDUserAuth *_Nullable userAuth, NSError * _Nullable error) {
+
       [expectation fulfill];
       if (userAuth) {
           XCTAssertEqualObjects(userAuth.serverAuthCode, kServerAuthCode);

Samples/Swift/DaysUntilBirthday/Shared/Services/BirthdayLoader.swift

@@ -42,8 +42,8 @@ final class BirthdayLoader: ObservableObject {
     guard let accessToken = GIDSignIn
             .sharedInstance
             .currentUser?
-            .authentication
-            .accessToken else { return nil }
+            .accessToken
+            .tokenString else { return nil }
     let configuration = URLSessionConfiguration.default
     configuration.httpAdditionalHeaders = [
       "Authorization": "Bearer \(accessToken)"
@@ -52,9 +52,9 @@ final class BirthdayLoader: ObservableObject {
   }()
 
   private func sessionWithFreshToken(completion: @escaping (Result<URLSession, Error>) -> Void) {
-    let authentication = GIDSignIn.sharedInstance.currentUser?.authentication
-    authentication?.do { auth, error in
-      guard let token = auth?.accessToken else {
+    let currentUser = GIDSignIn.sharedInstance.currentUser
+    currentUser?.do { auth, error in
+      guard let token = auth?.accessToken.tokenString else {
         completion(.failure(.couldNotCreateURLSession(error)))
         return
       }