refactor(iv): replace Boolean? with JwtRequirement enum

`ConfigModel.useIdentityVerification` was `Boolean?` where `null` silently
meant "pre-HYDRATE, not yet known" — easy to miss and easy to confuse with
the SDK-side `FeatureFlag.IDENTITY_VERIFICATION`. Replace with a tri-state
`JwtRequirement` enum (UNKNOWN / NOT_REQUIRED / REQUIRED) that names the
customer-config side explicitly and ties to the backend param (`jwt_required`).

- New `JwtRequirement` with a `fromBoolean(Boolean?)` helper so
  `ConfigModelStoreListener` can map the backend's nullable boolean.
- `ConfigModel.useIdentityVerification` is now `internal var … : JwtRequirement`
  (internal because the type is internal-only). Backing storage is unchanged —
  still a nullable boolean under the hood, so no cache migration needed.
- `IdentityVerificationGates.update` takes `jwtRequirement: JwtRequirement`;
  `required` is derived locally as `== REQUIRED`.
- Tests updated to use enum values.

Author: nan-li

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/config/ConfigModel.kt

@@ -2,6 +2,7 @@ package com.onesignal.core.internal.config
 
 import com.onesignal.common.modeling.Model
 import com.onesignal.core.internal.http.OneSignalService.ONESIGNAL_API_BASE_URL
+import com.onesignal.user.internal.jwt.JwtRequirement
 import org.json.JSONArray
 import org.json.JSONObject
 
@@ -236,11 +237,18 @@ class ConfigModel : Model() {
             setBooleanProperty(::enterprise.name, value)
         }
 
-    /** Mirrors backend `jwt_required`. `null` = pre-HYDRATE (distinguish from `false`). */
-    var useIdentityVerification: Boolean?
-        get() = getOptBooleanProperty(::useIdentityVerification.name)
+    /** Mirrors backend `jwt_required`. Pre-HYDRATE callers see [JwtRequirement.UNKNOWN]. */
+    internal var useIdentityVerification: JwtRequirement
+        get() = JwtRequirement.fromBoolean(getOptBooleanProperty(::useIdentityVerification.name))
         set(value) {
-            setOptBooleanProperty(::useIdentityVerification.name, value)
+            setOptBooleanProperty(
+                ::useIdentityVerification.name,
+                when (value) {
+                    JwtRequirement.UNKNOWN -> null
+                    JwtRequirement.NOT_REQUIRED -> false
+                    JwtRequirement.REQUIRED -> true
+                },
+            )
         }
 
     /**

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/config/impl/ConfigModelStoreListener.kt

@@ -10,6 +10,7 @@ import com.onesignal.core.internal.config.ConfigModel
 import com.onesignal.core.internal.config.ConfigModelStore
 import com.onesignal.core.internal.startup.IStartableService
 import com.onesignal.debug.internal.logging.Logging
+import com.onesignal.user.internal.jwt.JwtRequirement
 import com.onesignal.user.internal.subscriptions.ISubscriptionManager
 import kotlinx.coroutines.delay
 import java.net.HttpURLConnection
@@ -85,7 +86,9 @@ internal class ConfigModelStoreListener(
 
                     // these are only copied from the backend params when the backend has set them.
                     params.enterprise?.let { config.enterprise = it }
-                    params.useIdentityVerification?.let { config.useIdentityVerification = it }
+                    params.useIdentityVerification?.let {
+                        config.useIdentityVerification = JwtRequirement.fromBoolean(it)
+                    }
                     params.firebaseAnalytics?.let { config.firebaseAnalytics = it }
                     params.restoreTTLFilter?.let { config.restoreTTLFilter = it }
                     params.clearGroupOnSummaryClick?.let { config.clearGroupOnSummaryClick = it }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/features/FeatureFlag.kt

@@ -24,6 +24,7 @@ internal enum class FeatureFlag(
     val key: String,
     val activationMode: FeatureActivationMode
 ) {
+    // Threading mode is selected once per app startup to avoid mixed-mode behavior mid-session.
     // Remote key (lowercase) must match backend / Turbine flag id.
     SDK_BACKGROUND_THREADING(
         "sdk_background_threading",

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/core/internal/features/FeatureManager.kt

@@ -150,7 +150,7 @@ internal class FeatureManager(
             FeatureFlag.IDENTITY_VERIFICATION ->
                 IdentityVerificationGates.update(
                     featureFlagOn = enabled,
-                    jwtRequired = model.useIdentityVerification,
+                    jwtRequirement = model.useIdentityVerification,
                     source = "FeatureManager:${feature.activationMode}"
                 )
         }

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/jwt/IdentityVerificationGates.kt

@@ -23,20 +23,21 @@ internal object IdentityVerificationGates {
     /** Idempotent. [source] is logged for traceability when gates change. */
     fun update(
         featureFlagOn: Boolean,
-        jwtRequired: Boolean?,
+        jwtRequirement: JwtRequirement,
         source: String,
     ) {
         val previousNewCode = newCodePathsRun
         val previousIvActive = ivBehaviorActive
 
-        newCodePathsRun = featureFlagOn || (jwtRequired == true)
-        ivBehaviorActive = jwtRequired == true
+        val required = jwtRequirement == JwtRequirement.REQUIRED
+        newCodePathsRun = featureFlagOn || required
+        ivBehaviorActive = required
 
         if (previousNewCode != newCodePathsRun || previousIvActive != ivBehaviorActive) {
             Logging.info(
                 "OneSignal: IdentityVerificationGates updated: " +
                     "newCodePathsRun=$newCodePathsRun, ivBehaviorActive=$ivBehaviorActive " +
-                    "(source=$source, featureFlagOn=$featureFlagOn, jwtRequired=$jwtRequired)",
+                    "(source=$source, featureFlagOn=$featureFlagOn, jwtRequirement=$jwtRequirement)",
             )
         } else {
             Logging.debug(

OneSignalSDK/onesignal/core/src/main/java/com/onesignal/user/internal/jwt/JwtRequirement.kt

@@ -0,0 +1,31 @@
+package com.onesignal.user.internal.jwt
+
+/**
+ * Customer-side JWT requirement, mirrored from the backend `jwt_required` remote param.
+ * Explicit [UNKNOWN] so callers can distinguish pre-HYDRATE (no value yet) from
+ * [NOT_REQUIRED] (customer opted out).
+ *
+ * Represents only the customer-config side of Identity Verification; do not confuse
+ * with [com.onesignal.core.internal.features.FeatureFlag.IDENTITY_VERIFICATION] (our
+ * SDK-side rollout switch).
+ */
+internal enum class JwtRequirement {
+    /** Remote params have not been fetched yet. Treat as non-IV until known. */
+    UNKNOWN,
+
+    /** Customer config `jwt_required=false`. No JWT signing. */
+    NOT_REQUIRED,
+
+    /** Customer config `jwt_required=true`. IV-specific behavior active. */
+    REQUIRED,
+    ;
+
+    companion object {
+        fun fromBoolean(value: Boolean?): JwtRequirement =
+            when (value) {
+                null -> UNKNOWN
+                false -> NOT_REQUIRED
+                true -> REQUIRED
+            }
+    }
+}

OneSignalSDK/onesignal/core/src/test/java/com/onesignal/core/internal/features/FeatureManagerTests.kt

@@ -5,6 +5,7 @@ import com.onesignal.common.threading.ThreadingMode
 import com.onesignal.core.internal.config.ConfigModel
 import com.onesignal.core.internal.config.ConfigModelStore
 import com.onesignal.user.internal.jwt.IdentityVerificationGates
+import com.onesignal.user.internal.jwt.JwtRequirement
 import io.kotest.core.spec.style.FunSpec
 import io.kotest.matchers.shouldBe
 import io.mockk.every
@@ -16,13 +17,13 @@ import io.mockk.runs
 class FeatureManagerTests : FunSpec({
     beforeEach {
         ThreadingMode.useBackgroundThreading = false
-        IdentityVerificationGates.update(false, null, "test-reset")
+        IdentityVerificationGates.update(false, JwtRequirement.UNKNOWN, "test-reset")
     }
 
     fun stubConfigModel(model: ConfigModel) {
         every { model.sdkRemoteFeatureFlags } returns emptyList()
         every { model.sdkRemoteFeatureFlagMetadata } returns null
-        every { model.useIdentityVerification } returns null
+        every { model.useIdentityVerification } returns JwtRequirement.UNKNOWN
     }
 
     test("initial state enables BACKGROUND_THREADING when key is present in sdk remote flags") {
@@ -180,7 +181,7 @@ class FeatureManagerTests : FunSpec({
     test("ERROR STATE: flag off + jwt_required=true → both gates true (customer config wins)") {
         val initialModel = mockk<ConfigModel>()
         stubConfigModel(initialModel)
-        every { initialModel.useIdentityVerification } returns true
+        every { initialModel.useIdentityVerification } returns JwtRequirement.REQUIRED
         val configModelStore = mockk<ConfigModelStore>()
         every { configModelStore.model } returns initialModel
         every { configModelStore.subscribe(any()) } just runs
@@ -196,7 +197,7 @@ class FeatureManagerTests : FunSpec({
         val initialModel = mockk<ConfigModel>()
         stubConfigModel(initialModel)
         every { initialModel.sdkRemoteFeatureFlags } returns listOf(FeatureFlag.IDENTITY_VERIFICATION.key)
-        every { initialModel.useIdentityVerification } returns true
+        every { initialModel.useIdentityVerification } returns JwtRequirement.REQUIRED
         val configModelStore = mockk<ConfigModelStore>()
         every { configModelStore.model } returns initialModel
         every { configModelStore.subscribe(any()) } just runs
@@ -220,7 +221,7 @@ class FeatureManagerTests : FunSpec({
 
         val updatedModel = mockk<ConfigModel>()
         stubConfigModel(updatedModel)
-        every { updatedModel.useIdentityVerification } returns true
+        every { updatedModel.useIdentityVerification } returns JwtRequirement.REQUIRED
 
         manager.onModelReplaced(updatedModel, ModelChangeTags.HYDRATE)
 
@@ -240,7 +241,7 @@ class FeatureManagerTests : FunSpec({
         val updatedModel = mockk<ConfigModel>()
         stubConfigModel(updatedModel)
         every { updatedModel.sdkRemoteFeatureFlags } returns listOf(FeatureFlag.IDENTITY_VERIFICATION.key)
-        every { updatedModel.useIdentityVerification } returns false
+        every { updatedModel.useIdentityVerification } returns JwtRequirement.NOT_REQUIRED
 
         manager.onModelReplaced(updatedModel, ModelChangeTags.HYDRATE)
 

OneSignalSDK/onesignal/core/src/test/java/com/onesignal/user/internal/jwt/IdentityVerificationGatesTests.kt

@@ -6,91 +6,91 @@ import io.kotest.matchers.shouldBe
 class IdentityVerificationGatesTests : FunSpec({
     // Singleton state leaks across tests; reset before each.
     beforeEach {
-        IdentityVerificationGates.update(false, null, "test-reset")
+        IdentityVerificationGates.update(false, JwtRequirement.UNKNOWN, "test-reset")
     }
 
     test("defaults to newCodePathsRun=false and ivBehaviorActive=false") {
         IdentityVerificationGates.newCodePathsRun shouldBe false
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }
 
-    test("featureFlagOn=false, jwtRequired=null: both gates are false (safe default)") {
+    test("featureFlagOn=false, jwtRequirement=UNKNOWN: both gates are false (safe default)") {
         IdentityVerificationGates.update(
             featureFlagOn = false,
-            jwtRequired = null,
+            jwtRequirement = JwtRequirement.UNKNOWN,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe false
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }
 
-    test("featureFlagOn=false, jwtRequired=false: both gates are false") {
+    test("featureFlagOn=false, jwtRequirement=NOT_REQUIRED: both gates are false") {
         IdentityVerificationGates.update(
             featureFlagOn = false,
-            jwtRequired = false,
+            jwtRequirement = JwtRequirement.NOT_REQUIRED,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe false
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }
 
-    test("ERROR STATE — featureFlagOn=false, jwtRequired=true: both gates true (customer config wins)") {
+    test("ERROR STATE — featureFlagOn=false, jwtRequirement=REQUIRED: both gates true (customer config wins)") {
         IdentityVerificationGates.update(
             featureFlagOn = false,
-            jwtRequired = true,
+            jwtRequirement = JwtRequirement.REQUIRED,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe true
     }
 
-    test("featureFlagOn=true, jwtRequired=null: newCodePathsRun true, ivBehaviorActive false") {
+    test("featureFlagOn=true, jwtRequirement=UNKNOWN: newCodePathsRun true, ivBehaviorActive false") {
         IdentityVerificationGates.update(
             featureFlagOn = true,
-            jwtRequired = null,
+            jwtRequirement = JwtRequirement.UNKNOWN,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }
 
-    test("featureFlagOn=true, jwtRequired=false: newCodePathsRun true, ivBehaviorActive false (Phase 3)") {
+    test("featureFlagOn=true, jwtRequirement=NOT_REQUIRED: newCodePathsRun true, ivBehaviorActive false (Phase 3)") {
         IdentityVerificationGates.update(
             featureFlagOn = true,
-            jwtRequired = false,
+            jwtRequirement = JwtRequirement.NOT_REQUIRED,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }
 
-    test("featureFlagOn=true, jwtRequired=true: both gates true (full IV)") {
+    test("featureFlagOn=true, jwtRequirement=REQUIRED: both gates true (full IV)") {
         IdentityVerificationGates.update(
             featureFlagOn = true,
-            jwtRequired = true,
+            jwtRequirement = JwtRequirement.REQUIRED,
             source = "test",
         )
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe true
     }
 
     test("updating to the same values is a no-op but still reflects in reads") {
-        IdentityVerificationGates.update(true, true, "first")
-        IdentityVerificationGates.update(true, true, "second")
+        IdentityVerificationGates.update(true, JwtRequirement.REQUIRED, "first")
+        IdentityVerificationGates.update(true, JwtRequirement.REQUIRED, "second")
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe true
     }
 
     test("transition: non-IV → IV-active → off") {
-        IdentityVerificationGates.update(false, false, "phase-1-non-iv")
+        IdentityVerificationGates.update(false, JwtRequirement.NOT_REQUIRED, "phase-1-non-iv")
         IdentityVerificationGates.newCodePathsRun shouldBe false
         IdentityVerificationGates.ivBehaviorActive shouldBe false
 
-        IdentityVerificationGates.update(true, true, "phase-2-iv-on")
+        IdentityVerificationGates.update(true, JwtRequirement.REQUIRED, "phase-2-iv-on")
         IdentityVerificationGates.newCodePathsRun shouldBe true
         IdentityVerificationGates.ivBehaviorActive shouldBe true
 
-        IdentityVerificationGates.update(false, false, "kill-switch")
+        IdentityVerificationGates.update(false, JwtRequirement.NOT_REQUIRED, "kill-switch")
         IdentityVerificationGates.newCodePathsRun shouldBe false
         IdentityVerificationGates.ivBehaviorActive shouldBe false
     }