[google_sign_in] Add an API to clear access token cache, to handle invalidated tokens #173924

@buchen

What package does this bug report belong to?

google_sign_in

What target platforms are you seeing this bug on?

Android

Have you already upgraded your packages?

Yes

Dependency versions

pubspec.lock
  extension_google_sign_in_as_googleapis_auth:
    dependency: "direct main"
    description:
      name: extension_google_sign_in_as_googleapis_auth
      sha256: "8a9c887a377ee5b990b2b29be229de8401a43002a7d0d0b29f7d014c1c6bfeac"
      url: "https://pub.dev"
    source: hosted
    version: "3.0.0"
  google_sign_in:
    dependency: "direct main"
    description:
      name: google_sign_in
      sha256: "939a8b58f84c4053811b8c1bc9adbcb59449a15b37958264bbf60020698cca0e"
      url: "https://pub.dev"
    source: hosted
    version: "7.1.1"
  google_sign_in_android:
    dependency: transitive
    description:
      name: google_sign_in_android
      sha256: f256b8f0e6c09d135c166fe20b25256e24d60fe1a72e6bdc112a200bd0d555b4
      url: "https://pub.dev"
    source: hosted
    version: "7.0.3"
  google_sign_in_ios:
    dependency: transitive
    description:
      name: google_sign_in_ios
      sha256: c7ee744ebbcd98353966dbdee735d4fca085226f6bf725c6bea8a5c8fe0055bc
      url: "https://pub.dev"
    source: hosted
    version: "6.1.0"
  google_sign_in_platform_interface:
    dependency: transitive
    description:
      name: google_sign_in_platform_interface
      sha256: "8736443134d2cccadd4f228d600177cb3947e36683466a6ab96877ce6932885a"
      url: "https://pub.dev"
    source: hosted
    version: "3.0.0"
  google_sign_in_web:
    dependency: transitive
    description:
      name: google_sign_in_web
      sha256: "09ac306b2787b48f19c857b9f93375b654f774643c75bd6a1a078c85f4f7b468"
      url: "https://pub.dev"
    source: hosted
    version: "1.0.0"

Steps to reproduce

  • Use the sample application in google_sign_in 7
  • Tap 'Request permissions' and provide the necessary permissions
  • The API can be called as expected
  • Tap 'Sign out'
  • Go to myaccount.google.com and remove the connected third-party application
  • Go back to the application, tap "sign in". Works.
  • Now authorizationForScopes returns an access token that is not valid
    • It returns an access token
    • Calling authorizeScopes instead also does not prompt the user to grant the permissions (no dialog)
    • when calling the Drive API, it returns 'Access was denied (www-authenticate header was: Bearer realm="https://accounts.google.com/", error="invalid_token"

I can reproduce it with the sample application, however, I copied the main.dart into my application to use the right application Id and I use the DriveApi.driveReadonlyScope.

On iOS it works as expected.

I am upgrading from 6.x where it also was working.

Sometimes I can make it work again.

  • For example, I did a cold reboot of the Android simulator and it was asking for scopes again. But not always.
  • If I remove the Google account from the Android simulator, and sign-in again, then the user is prompted

I realized it could be connected to #169612 ("[google_sign_in] Implement disconnect on Android once available"), but is there a way to force a new access token?

Expected results

If the user does not have the access permission for the scope given with authorizationForScopes, then it should return null.

Actual results

As described above, there are cases when authorizationForScopes returns a non-null response with an access token, even though the user does not have permissions. There seems to be no way to trigger the dialog to grant permissions. Also, authorizeScopes does not prompt the user.

Code sample

The code is from the sample provided by google_sign_in.
I provided the serverClientId of my project and changed to the scope drive.readonly.

String? clientId;
String serverClientId = 'xyz.apps.googleusercontent.com';
const List<String> scopes = <String>[
  'https://www.googleapis.com/auth/drive.readonly',
];

[...]

  Future<void> _handleAuthenticationEvent(
    GoogleSignInAuthenticationEvent event,
  ) async {
    // #docregion CheckAuthorization
    final GoogleSignInAccount? user = // ...
    // #enddocregion CheckAuthorization
    switch (event) {
      GoogleSignInAuthenticationEventSignIn() => event.user,
      GoogleSignInAuthenticationEventSignOut() => null,
    };

    // Check for existing authorization.

    // This code returns an authorization object even though the user does not have the given scopes anymore

    // #docregion CheckAuthorization
    final GoogleSignInClientAuthorization? authorization = await user
        ?.authorizationClient
        .authorizationForScopes(scopes);
    // #enddocregion CheckAuthorization

    setState(() {
      _currentUser = user;
      _isAuthorized = authorization != null;
      _errorMessage = '';
    });

    // If the user has already granted access to the required scopes, call the
    // REST API.
    if (user != null && authorization != null) {
      unawaited(_handleGetContact(user));
    }
  }

Screenshots or Videos

No response

Logs

No response

Flutter Doctor output

flutter doctor -v
[✓] Flutter (Channel stable, 3.32.8, on macOS 15.6 24G84 darwin-arm64, locale de-DE) [295ms]
    • Flutter version 3.32.8 on channel stable at /Users/asbn/fvm/versions/3.32.8
    • Upstream repository https://github.com/flutter/flutter.git
    • Framework revision edada7c56e (3 weeks ago), 2025-07-25 14:08:03 +0000
    • Engine revision ef0cd00091
    • Dart version 3.8.1
    • DevTools version 2.45.1

[!] Android toolchain - develop for Android devices (Android SDK version 35.0.0) [1.136ms]
    • Android SDK at /Users/asbn/Library/Android/sdk
    • Platform android-35, build-tools 35.0.0
    • ANDROID_HOME = /Users/asbn/Library/Android/sdk
    • Java binary at: /Applications/Android Studio.app/Contents/jbr/Contents/Home/bin/java
      This is the JDK bundled with the latest Android Studio installation on this machine.
      To manually set the JDK path, use: `flutter config --jdk-dir="path/to/jdk"`.
    • Java version OpenJDK Runtime Environment (build 21.0.5+-12932927-b750.29)
    ! Some Android licenses not accepted. To resolve this, run: flutter doctor --android-licenses

[✓] Xcode - develop for iOS and macOS (Xcode 16.4) [584ms]
    • Xcode at /Applications/Xcode.app/Contents/Developer
    • Build 16F6
    • CocoaPods version 1.16.2

[✓] Chrome - develop for the web [11ms]
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2024.2) [10ms]
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 21.0.5+-12932927-b750.29)

[✓] VS Code (version 1.103.1) [9ms]
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.116.0

[✓] Connected device (5 available) [5,9s]
    • sdk gphone64 arm64 (mobile)               • emulator-5554             • android-arm64  • Android 15 (API 35) (emulator)
    • macOS (desktop)                           • macos                     • darwin-arm64   • macOS 15.6 24G84 darwin-arm64
    • Chrome (web)                              • chrome                    • web-javascript • Google Chrome 139.0.7258.128

[✓] Network resources [311ms]
    • All expected network resources are available.
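
An added example, not part of the original report or the google_sign_in sample: because a non-null result from authorizationForScopes did not prove the token was still valid here, an app can classify the API response's RFC 6750 WWW-Authenticate challenge and stop treating the cached authorization as granted. All function and enum names are hypothetical, and pairing the reported header with a 401 status is an assumption.

```dart
// Added example; every name here is hypothetical, not google_sign_in API.
enum TokenState { usable, revokedOrExpired, insufficientScope, otherFailure }

/// Parses the auth-params of an RFC 6750 `Bearer` challenge.
/// Returns null when the header is missing or uses another scheme.
Map<String, String>? parseBearerChallenge(String? header) {
  if (header == null) return null;
  final String value = header.trim();
  if (!value.toLowerCase().startsWith('bearer')) return null;
  final String rest = value.substring('bearer'.length);
  if (rest.isNotEmpty && !rest.startsWith(' ')) return null;
  // Matches key="quoted value" or key=token; escapes are kept verbatim.
  final RegExp param = RegExp(
    r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))',
  );
  return <String, String>{
    for (final RegExpMatch m in param.allMatches(rest))
      m.group(1)!.toLowerCase(): m.group(2) ?? m.group(3)!,
  };
}

/// Maps an API response to what it says about the access token.
TokenState classifyResponse(int status, String? wwwAuthenticate) {
  if (status >= 200 && status < 300) return TokenState.usable;
  final String? error = parseBearerChallenge(wwwAuthenticate)?['error'];
  if (status == 401 && error == 'invalid_token') {
    return TokenState.revokedOrExpired;
  }
  if (status == 403 && error == 'insufficient_scope') {
    return TokenState.insufficientScope;
  }
  return TokenState.otherFailure;
}

/// A cached authorization counts only until the server rejects its token.
bool treatAsAuthorized(bool hasCachedAuthorization, TokenState lastCall) =>
    hasCachedAuthorization &&
    lastCall != TokenState.revokedOrExpired &&
    lastCall != TokenState.insufficientScope;

void main() {
  // Header text as quoted in the report; the 401 status is an assumption.
  const String reported =
      'Bearer realm="https://accounts.google.com/", error="invalid_token"';
  final TokenState state = classifyResponse(401, reported);
  print('$state -> authorized: ${treatAsAuthorized(true, state)}');
  // Constructed samples: a successful call and a non-Bearer challenge.
  print(classifyResponse(200, null));
  print(classifyResponse(401, 'Basic realm="example"'));
}
```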

Labels

  • P1: High-priority issues at the top of the work list
  • p: google_sign_in: The Google Sign-In plugin
  • package: flutter/packages repository. See also p: labels.
  • platform-android: Android applications specifically
  • platform-web: Web applications specifically
  • team-ecosystem: Owned by Ecosystem team
