Document that reserved scopes should not be included in scopes field

Update gradle
Fallback to interactive authentication if silent auth fails on android, iOS already does this

Author: wslaghekke

android/gradle/wrapper/gradle-wrapper.jar

@@ -1,6 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

android/gradle/wrapper/gradle-wrapper.properties

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +82,12 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -127,26 +128,35 @@ if [ -n "$JAVA_HOME" ] ; then
     fi
     if [ ! -x "$JAVACMD" ] ; then
         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -191,18 +201,28 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

android/gradlew

@@ -13,8 +13,10 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,10 +27,14 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
 @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
 
@@ -37,62 +43,50 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
 :findJavaFromJavaHome
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
 @rem Setup the command line
 
 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
+
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

android/gradlew.bat

@@ -1,2 +1,4 @@
+rootProject.name = "capacitor-plugin-msauth-android"
+
 include ':capacitor-android'
 project(':capacitor-android').projectDir = new File('../node_modules/@capacitor/android/capacitor')

android/settings.gradle

@@ -11,6 +11,8 @@
 import com.getcapacitor.annotation.Permission;
 import com.microsoft.identity.client.*;
 import com.microsoft.identity.client.exception.MsalException;
+import com.microsoft.identity.client.exception.MsalUiRequiredException;
+
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
@@ -113,76 +115,76 @@ protected String getAuthorityUrl(ISingleAccountPublicClientApplication context)
         return context.getConfiguration().getDefaultAuthority().getAuthorityURL().toString();
     }
 
-    private void acquireTokenInteractively(
-        ISingleAccountPublicClientApplication context,
-        List<String> scopes,
-        final TokenResultCallback callback
-    ) {
-        AcquireTokenParameters.Builder params = new AcquireTokenParameters.Builder()
-            .startAuthorizationFromActivity(this.getActivity())
-            .withScopes(scopes)
-            .withPrompt(Prompt.SELECT_ACCOUNT)
-            .withCallback(
-                new AuthenticationCallback() {
-                    @Override
-                    public void onCancel() {
-                        Logger.info("Login cancelled");
-                        callback.tokenReceived(null);
-                    }
+    private void acquireToken(ISingleAccountPublicClientApplication context, List<String> scopes, final TokenResultCallback callback)
+        throws MsalException, InterruptedException {
+        String authority = getAuthorityUrl(context);
 
-                    @Override
-                    public void onSuccess(IAuthenticationResult authenticationResult) {
-                        TokenResult tokenResult = new TokenResult();
+        ICurrentAccountResult result = context.getCurrentAccount();
+        if (result.getCurrentAccount() != null) {
+            try {
+                Logger.info("Starting silent login flow");
+                AcquireTokenSilentParameters.Builder builder = new AcquireTokenSilentParameters.Builder()
+                        .withScopes(scopes)
+                        .fromAuthority(authority)
+                        .forAccount(result.getCurrentAccount());
 
-                        IAccount account = authenticationResult.getAccount();
-                        tokenResult.setAccessToken(authenticationResult.getAccessToken());
-                        tokenResult.setIdToken(account.getIdToken());
-                        tokenResult.setScopes(authenticationResult.getScope());
+                AcquireTokenSilentParameters parameters = builder.build();
+                IAuthenticationResult silentAuthResult = context.acquireTokenSilent(parameters);
+                IAccount account = silentAuthResult.getAccount();
 
-                        callback.tokenReceived(tokenResult);
-                    }
+                TokenResult tokenResult = new TokenResult();
+                tokenResult.setAccessToken(silentAuthResult.getAccessToken());
+                tokenResult.setIdToken(account.getIdToken());
+                tokenResult.setScopes(silentAuthResult.getScope());
 
-                    @Override
-                    public void onError(MsalException ex) {
-                        Logger.error("Unable to acquire token interactively", ex);
-                        callback.tokenReceived(null);
-                    }
-                }
-            );
-
-        context.acquireToken(params.build());
-    }
+                callback.tokenReceived(tokenResult);
 
-    private void acquireToken(ISingleAccountPublicClientApplication context, List<String> scopes, final TokenResultCallback callback)
-        throws MsalException, InterruptedException {
-        String authority = getAuthorityUrl(context);
+                return;
+            } catch (MsalUiRequiredException ex) {
+                Logger.error("Silent login failed", ex);
+            }
+        }
 
-        final ICurrentAccountResult ca;
-        if ((ca = context.getCurrentAccount()) != null && ca.getCurrentAccount() == null) {
-            Logger.info("Starting interactive login flow");
-            this.acquireTokenInteractively(context, scopes, callback);
-        } else {
-            Logger.info("Starting silent login flow");
-            AcquireTokenSilentParameters.Builder builder = new AcquireTokenSilentParameters.Builder()
+        Logger.info("Starting interactive login flow");
+        AcquireTokenParameters.Builder params = new AcquireTokenParameters.Builder()
+                .startAuthorizationFromActivity(this.getActivity())
                 .withScopes(scopes)
-                .fromAuthority(authority);
-
-            if (ca != null && ca.getCurrentAccount() != null) {
-                Logger.info("Silent login flow for current account");
-                builder = builder.forAccount(ca.getCurrentAccount());
-            }
+                .withPrompt(Prompt.SELECT_ACCOUNT)
+                .withCallback(
+                        new AuthenticationCallback() {
+                            @Override
+                            public void onCancel() {
+                                Logger.info("Login cancelled");
+                                callback.tokenReceived(null);
+                            }
+
+                            @Override
+                            public void onSuccess(IAuthenticationResult authenticationResult) {
+                                TokenResult tokenResult = new TokenResult();
+
+                                IAccount account = authenticationResult.getAccount();
+                                tokenResult.setAccessToken(authenticationResult.getAccessToken());
+                                tokenResult.setIdToken(account.getIdToken());
+                                tokenResult.setScopes(authenticationResult.getScope());
+
+                                callback.tokenReceived(tokenResult);
+                            }
+
+                            @Override
+                            public void onError(MsalException ex) {
+                                Logger.error("Unable to acquire token interactively", ex);
+                                callback.tokenReceived(null);
+                            }
+                        }
+                );
 
-            AcquireTokenSilentParameters parameters = builder.build();
-            IAuthenticationResult silentAuthResult = context.acquireTokenSilent(parameters);
-            IAccount account = silentAuthResult.getAccount();
+        if (result.getCurrentAccount() != null) {
+            // Set loginHint otherwise MSAL throws an exception because of mismatched account
+            params.withLoginHint(result.getCurrentAccount().getUsername());
+        }
 
-            TokenResult tokenResult = new TokenResult();
-            tokenResult.setAccessToken(silentAuthResult.getAccessToken());
-            tokenResult.setIdToken(account.getIdToken());
-            tokenResult.setScopes(silentAuthResult.getScope());
+        context.acquireToken(params.build());
 
-            callback.tokenReceived(tokenResult);
-        }
     }
 
     private ISingleAccountPublicClientApplication createContextFromPluginCall(PluginCall call)