[google_sign_in] Implement hosted domain on Android (#9871)

Adds support for hosted domain filtering on Android. This was wired up for `authorize` (which would apply when calling `authorize` without a user set), but not for `authenticate`, because the first draft of Android support only used the one-tap flow, which doesn't have domain filter support, and I forgot to add it when I added the button flow.

Because one-tap doesn't support the filtering feature, this adjusts the way the `attemptLightweightAuthentication` is handled when a filter is set. Instead of following the usual guidance to call it first with `filterToAuthorized` and `autoSelectEnabled` (for returning sign-in), then again without (for one-tap UI), it will only do the first call, which means it will allow returning sign-ins, but not show a general one-tap selection UI that could allow seleting an account that doesn't meet the filter requirement. (In theory, there are cases where this would be wrong if someone changed their filtering dynamically from run to run, but I can't imagine why that would be done, and in that case there's nothing that can be done with the current SDK support anyway, so if someone really wants to do that they need to just not call `attemptLightweightAuthentication`.)

Also updates to the latest version of Pigeon since I was regenerating the Pigeon files already.

Fixes flutter/flutter#174200

## Pre-Review Checklist

**Note**: The Flutter team is currently trialing the use of [Gemini Code Assist for GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code). Comments from the `gemini-code-assist` bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed.

[^1]: Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling.

Author: stuartmorgan-g

packages/google_sign_in/google_sign_in_android/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 7.0.5
+
+* Adds support for `hostedDomain` when authenticating.
+
 ## 7.0.4
 
 * Bumps com.android.tools.build:gradle to 8.12.1 and kotlin_version to 2.2.10.
@@ -6,10 +10,7 @@
 ## 7.0.3
 
 * Updates kotlin version to 2.2.0 to enable gradle 8.11 support.
-
-## 7.0.3
-
-* Add more details and troubleshooting for `serverClientId` configuration
+* Adds more details and troubleshooting for `serverClientId` configuration
   via Firebase.
 
 ## 7.0.2

packages/google_sign_in/google_sign_in_android/android/src/main/java/io/flutter/plugins/googlesignin/GoogleSignInPlugin.java

@@ -231,16 +231,22 @@ public void getCredential(
         }
 
         String nonce = params.getNonce();
+        String hostedDomain = params.getHostedDomain();
         GetCredentialRequest.Builder requestBuilder = new GetCredentialRequest.Builder();
         if (params.getUseButtonFlow()) {
           GetSignInWithGoogleOption.Builder optionBuilder =
               new GetSignInWithGoogleOption.Builder(serverClientId);
+          if (hostedDomain != null) {
+            optionBuilder.setHostedDomainFilter(hostedDomain);
+          }
           if (nonce != null) {
             optionBuilder.setNonce(nonce);
           }
           requestBuilder.addCredentialOption(optionBuilder.build());
         } else {
           GetCredentialRequestGoogleIdOptionParams optionParams = params.getGoogleIdOptionParams();
+          // TODO(stuartmorgan): Add a hosted domain filter here if hosted
+          // domain support is added to GetGoogleIdOption in the future.
           GetGoogleIdOption.Builder optionBuilder =
               new GetGoogleIdOption.Builder()
                   .setFilterByAuthorizedAccounts(optionParams.getFilterToAuthorized())

packages/google_sign_in/google_sign_in_android/android/src/main/kotlin/io/flutter/plugins/googlesignin/Messages.kt

@@ -1,7 +1,7 @@
 // Copyright 2013 The Flutter Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-// Autogenerated from Pigeon (v24.2.2), do not edit directly.
+// Autogenerated from Pigeon (v26.0.1), do not edit directly.
 // See also: https://pub.dev/packages/pigeon
 @file:Suppress("UNCHECKED_CAST", "ArrayInDataClass")
 
@@ -15,18 +15,47 @@ import io.flutter.plugin.common.StandardMessageCodec
 import java.io.ByteArrayOutputStream
 import java.nio.ByteBuffer
 
-private fun wrapResult(result: Any?): List<Any?> {
-  return listOf(result)
-}
+private object MessagesPigeonUtils {
+
+  fun wrapResult(result: Any?): List<Any?> {
+    return listOf(result)
+  }
 
-private fun wrapError(exception: Throwable): List<Any?> {
-  return if (exception is FlutterError) {
-    listOf(exception.code, exception.message, exception.details)
-  } else {
-    listOf(
-        exception.javaClass.simpleName,
-        exception.toString(),
-        "Cause: " + exception.cause + ", Stacktrace: " + Log.getStackTraceString(exception))
+  fun wrapError(exception: Throwable): List<Any?> {
+    return if (exception is FlutterError) {
+      listOf(exception.code, exception.message, exception.details)
+    } else {
+      listOf(
+          exception.javaClass.simpleName,
+          exception.toString(),
+          "Cause: " + exception.cause + ", Stacktrace: " + Log.getStackTraceString(exception))
+    }
+  }
+
+  fun deepEquals(a: Any?, b: Any?): Boolean {
+    if (a is ByteArray && b is ByteArray) {
+      return a.contentEquals(b)
+    }
+    if (a is IntArray && b is IntArray) {
+      return a.contentEquals(b)
+    }
+    if (a is LongArray && b is LongArray) {
+      return a.contentEquals(b)
+    }
+    if (a is DoubleArray && b is DoubleArray) {
+      return a.contentEquals(b)
+    }
+    if (a is Array<*> && b is Array<*>) {
+      return a.size == b.size && a.indices.all { deepEquals(a[it], b[it]) }
+    }
+    if (a is List<*> && b is List<*>) {
+      return a.size == b.size && a.indices.all { deepEquals(a[it], b[it]) }
+    }
+    if (a is Map<*, *> && b is Map<*, *>) {
+      return a.size == b.size &&
+          a.all { (b as Map<Any?, Any?>).containsKey(it.key) && deepEquals(it.value, b[it.key]) }
+    }
+    return a == b
   }
 }
 
@@ -106,7 +135,7 @@ enum class AuthorizeFailureType(val raw: Int) {
 }
 
 /**
- * The information necessary to build a an authorization request.
+ * The information necessary to build an authorization request.
  *
  * Corresponds to the native AuthorizationRequest object, but only contains the fields used by this
  * plugin.
@@ -139,6 +168,18 @@ data class PlatformAuthorizationRequest(
         serverClientIdForForcedRefreshToken,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is PlatformAuthorizationRequest) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -163,15 +204,18 @@ data class GetCredentialRequestParams(
      */
     val googleIdOptionParams: GetCredentialRequestGoogleIdOptionParams,
     val serverClientId: String? = null,
+    val hostedDomain: String? = null,
     val nonce: String? = null
 ) {
   companion object {
     fun fromList(pigeonVar_list: List<Any?>): GetCredentialRequestParams {
       val useButtonFlow = pigeonVar_list[0] as Boolean
       val googleIdOptionParams = pigeonVar_list[1] as GetCredentialRequestGoogleIdOptionParams
       val serverClientId = pigeonVar_list[2] as String?
-      val nonce = pigeonVar_list[3] as String?
-      return GetCredentialRequestParams(useButtonFlow, googleIdOptionParams, serverClientId, nonce)
+      val hostedDomain = pigeonVar_list[3] as String?
+      val nonce = pigeonVar_list[4] as String?
+      return GetCredentialRequestParams(
+          useButtonFlow, googleIdOptionParams, serverClientId, hostedDomain, nonce)
     }
   }
 
@@ -180,9 +224,22 @@ data class GetCredentialRequestParams(
         useButtonFlow,
         googleIdOptionParams,
         serverClientId,
+        hostedDomain,
         nonce,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is GetCredentialRequestParams) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /** Generated class from Pigeon that represents data sent in messages. */
@@ -204,6 +261,18 @@ data class GetCredentialRequestGoogleIdOptionParams(
         autoSelectEnabled,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is GetCredentialRequestGoogleIdOptionParams) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -242,6 +311,18 @@ data class PlatformGoogleIdTokenCredential(
         profilePictureUri,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is PlatformGoogleIdTokenCredential) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -284,6 +365,18 @@ data class GetCredentialFailure(
         details,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is GetCredentialFailure) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -305,6 +398,18 @@ data class GetCredentialSuccess(val credential: PlatformGoogleIdTokenCredential)
         credential,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is GetCredentialSuccess) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -343,6 +448,18 @@ data class AuthorizeFailure(
         details,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is AuthorizeFailure) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 /**
@@ -373,6 +490,18 @@ data class PlatformAuthorizationResult(
         grantedScopes,
     )
   }
+
+  override fun equals(other: Any?): Boolean {
+    if (other !is PlatformAuthorizationResult) {
+      return false
+    }
+    if (this === other) {
+      return true
+    }
+    return MessagesPigeonUtils.deepEquals(toList(), other.toList())
+  }
+
+  override fun hashCode(): Int = toList().hashCode()
 }
 
 private open class MessagesPigeonCodec : StandardMessageCodec() {
@@ -510,7 +639,7 @@ interface GoogleSignInApi {
                 try {
                   listOf(api.getGoogleServicesJsonServerClientId())
                 } catch (exception: Throwable) {
-                  wrapError(exception)
+                  MessagesPigeonUtils.wrapError(exception)
                 }
             reply.reply(wrapped)
           }
@@ -531,10 +660,10 @@ interface GoogleSignInApi {
             api.getCredential(paramsArg) { result: Result<GetCredentialResult> ->
               val error = result.exceptionOrNull()
               if (error != null) {
-                reply.reply(wrapError(error))
+                reply.reply(MessagesPigeonUtils.wrapError(error))
               } else {
                 val data = result.getOrNull()
-                reply.reply(wrapResult(data))
+                reply.reply(MessagesPigeonUtils.wrapResult(data))
               }
             }
           }
@@ -553,9 +682,9 @@ interface GoogleSignInApi {
             api.clearCredentialState { result: Result<Unit> ->
               val error = result.exceptionOrNull()
               if (error != null) {
-                reply.reply(wrapError(error))
+                reply.reply(MessagesPigeonUtils.wrapError(error))
               } else {
-                reply.reply(wrapResult(null))
+                reply.reply(MessagesPigeonUtils.wrapResult(null))
               }
             }
           }
@@ -577,10 +706,10 @@ interface GoogleSignInApi {
             api.authorize(paramsArg, promptIfUnauthorizedArg) { result: Result<AuthorizeResult> ->
               val error = result.exceptionOrNull()
               if (error != null) {
-                reply.reply(wrapError(error))
+                reply.reply(MessagesPigeonUtils.wrapError(error))
               } else {
                 val data = result.getOrNull()
-                reply.reply(wrapResult(data))
+                reply.reply(MessagesPigeonUtils.wrapResult(data))
               }
             }
           }