Sorting the scope before saving them with audience

pmathew92 · pmathew92 · commit 628b73c7314e · 2025-12-05T17:19:05.000+05:30
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/BaseCredentialsManager.kt
@@ -1,5 +1,6 @@
 package com.auth0.android.authentication.storage
 
+import android.util.Log
 import androidx.annotation.VisibleForTesting
 import com.auth0.android.authentication.AuthenticationAPIClient
 import com.auth0.android.callback.Callback
@@ -213,6 +214,9 @@ public abstract class BaseCredentialsManager internal constructor(
      */
     protected fun getAPICredentialsKey(audience: String, scope: String?): String {
         // Use audience if scope is null else use a combination of audience and scope
-        return if (scope == null) audience else "$audience::${scope.replace(" ","::")}"
+        if (scope == null) return audience
+        val sortedScope = scope.split(" ").sorted().joinToString("::")
+        return "$audience::${sortedScope}"
+
     }
 }
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/CredentialsManager.kt
@@ -717,6 +717,9 @@ public class CredentialsManager @VisibleForTesting(otherwise = VisibleForTesting
 
     /**
      * Removes the credentials for the given audience from the storage if present.
+     * @param audience Audience for which the [APICredentials] are stored
+     * @param scope Optional scope for which the [APICredentials] are stored. If the credentials were initially fetched/stored with scope,
+     * it is recommended to pass scope also while clearing them.
      */
     override fun clearApiCredentials(audience: String, scope: String?) {
         val key = getAPICredentialsKey(audience, scope)
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt b/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt
@@ -764,6 +764,9 @@ public class SecureCredentialsManager @VisibleForTesting(otherwise = VisibleForT
 
     /**
      * Removes the credentials for the given audience from the storage if present.
+     * @param audience Audience for which the [APICredentials] are stored
+     * @param scope Optional scope for which the [APICredentials] are stored. If the credentials were initially fetched/stored with scope,
+     * it is recommended to pass scope also while clearing them.
      */
     override fun clearApiCredentials(audience: String, scope: String?) {
         val key = getAPICredentialsKey(audience, scope)
