Fix auth flow regressions.

[brandonpage]

• Ensure LoginViewModel's oAuthConfig is set in to the migration config when generating the authorization path so code exchange succeeds
  • New unit test added to catch this.
• Check isUsingFrontDoorBridge to ensure CustomTab does not cover QR Code login.
• Remove unnecessary (second) call to resetFrontDoorBridgeUrl.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.92%. Comparing base (40bda46) to head (ad55d10).
⚠️ Report is 1 commits behind head on dev.

Additional details and impacted files

@@             Coverage Diff              @@
##                dev    #2876      +/-   ##
============================================
+ Coverage     64.87%   64.92%   +0.04%     
- Complexity     2979     2982       +3     
============================================
  Files           223      223              
  Lines         17507    17508       +1     
  Branches       2497     2498       +1     
============================================
+ Hits          11358    11367       +9     
+ Misses         4937     4927      -10     
- Partials       1212     1214       +2     

Components	Coverage Δ
Analytics	48.71% <ø> (ø)
SalesforceSDK	59.85% <100.00%> (+0.08%)	⬆️
Hybrid	59.05% <ø> (ø)
SmartStore	78.20% <ø> (ø)
MobileSync	81.68% <ø> (ø)
React	51.50% <ø> (ø)

Files with missing lines	Coverage Δ
.../src/com/salesforce/androidsdk/ui/LoginActivity.kt	43.76% <ø> (+0.85%)	⬆️
...src/com/salesforce/androidsdk/ui/LoginViewModel.kt	88.01% <100.00%> (+0.09%)	⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[wmathurin]

Could we add some comments for our future self?

[brandonpage]

@wmathurin Hey, sorry I wrote a comment but forgot to push it. I was going to add:

Launch the browser custom tab when applicable.

Whether the User Agent or Web Server Flow is used for Front Door Bridge is determined
by the server, so because Adv Auth requires PKCE we cannot guarantee it is safe/allowed.

@JohnsonEricAtSalesforce Is the above statement accurate? And if so should we just be checking if frontdoorBridgeCodeVerifier is null?

Should we create a 14.0 WI to address this as we move to Adv Auth first? It could fall under that epic.

[JohnsonEricAtSalesforce]

Good question, @brandonpage. The isUsingFrontDoorBridge property is a computed check on frontDoorBridgeUrl.value != null, which is the definitive check for front door bridge URL status. The URL is set in both user agent flow and web server flow front door bridge URL cases, where the code verifier is only for web server flow.

It looks like you have a winner as I see it in the comment preview above.

[JohnsonEricAtSalesforce]

There's one possible change we might need.

[JohnsonEricAtSalesforce]

@brandonpage , this reset was part of the QR Code Log In implementation. If I recall, it covered the scenario where a QR Code failed login and the user was returned to the login web view to with instructions to log in view the web view. If the front door URL is still present though, it acts as an override in that case.

I took a quick look at my fork's recently updated dev and it seems like that logic still needs this reset. Has anything else changed where we don't need this?

[brandonpage]

@JohnsonEricAtSalesforce I called this out in the PR description. It is deleted here because it is also called at line 566. It doesn't need to be called twice, right?

[JohnsonEricAtSalesforce]

Gotcha. Thanks for the double clarification. That should be a good cleanup.

[JohnsonEricAtSalesforce]

👍🏻