Merge pull request #2766 from brandonpage/client-manager-logout

Fix use of non-current account in client manager and possible logout of current user.

Author: brandonpage

libs/SalesforceSDK/src/com/salesforce/androidsdk/rest/ClientManager.java

@@ -379,8 +379,20 @@ public AccMgrAuthTokenProvider(ClientManager clientManager, String instanceUrl,
         @Override
         public String getNewAuthToken() {
             SalesforceSDKLogger.i(TAG, "Need new access token");
-            final Account acc = clientManager.getAccount();
-            if (acc == null) {
+            UserAccountManager userAccountManager = SalesforceSDKManager.getInstance().getUserAccountManager();
+            Account[] accounts = clientManager.getAccounts();
+            Account matchingAccount = null;
+
+            // Find the account for this client.
+            for (Account account : accounts) {
+                UserAccount user = userAccountManager.buildUserAccount(account);
+                if (user != null && lastNewAuthToken.equals(user.getAuthToken())) {
+                    matchingAccount = account;
+                }
+            }
+
+            // Fail early to ensure we don't logout the current user below by sending null.
+            if (matchingAccount == null) {
                 return null;
             }
 
@@ -401,9 +413,8 @@ public String getNewAuthToken() {
             try {
 
                 // Invalidate current auth token.
-                final String cachedAuthToken = clientManager.peekRestClient(acc).getAuthToken();
-                clientManager.invalidateToken(cachedAuthToken);
-                final UserAccount userAccount = refreshStaleToken(acc);
+                clientManager.invalidateToken(lastNewAuthToken);
+                final UserAccount userAccount = refreshStaleToken(matchingAccount);
 
                 // NB: userAccount will be null if refresh token is no longer valid
                 newAuthToken = userAccount != null ? userAccount.getAuthToken() : null;
@@ -417,11 +428,12 @@ public String getNewAuthToken() {
                         if (Looper.myLooper() == null) {
                             Looper.prepare();
                         }
+                        boolean showLoginPage = accounts.length > 1;
                         // Note: As of writing (2024) this call will never succeed because revoke API is an
                         // authenticated endpoint.  However, there is no harm in attempting and the debug logs
                         // produced may help developers better understand the state of their app.
                         SalesforceSDKManager.getInstance()
-                                .logout(null, null, false, OAuth2.LogoutReason.REFRESH_TOKEN_EXPIRED);
+                                .logout(matchingAccount, null, showLoginPage, OAuth2.LogoutReason.REFRESH_TOKEN_EXPIRED);
                     }
 
                     // Broadcasts an intent that the refresh token has been revoked.