@W-21933885: [MSDK Android] App Attestation Implementation (Significant Update To Avoid mockkStatic In IDPAuthCodeHelperTest.kt)

Author: JohnsonEricAtSalesforce

CLAUDE.md

@@ -126,6 +126,52 @@ See [README.md](README.md) for basic setup. Commands below are for contributors
 - **Test data cleanup**: Every test must clean up created soups, user accounts, and cached data. Use `@Before`/`@After` rigorously.
 - **Test credentials**: Tests requiring authentication need `test_credentials.json` in `shared/test/`.
 
+### Firebase Test Lab Considerations
+
+**CRITICAL: MockK `mockkStatic()` Does Not Work on Firebase Test Lab**
+
+Firebase Test Lab silently disables MockK's static mocking, causing tests to execute real implementations. Tests pass locally but timeout (60s) on Firebase with `UncompletedCoroutinesError` as real network/Google Play Services calls execute.
+
+**Root Cause:** Firebase's SELinux policies block MockK bytecode instrumentation, APK re-signing breaks inline mocking agent, and real Google Play Services execute unexpected calls.
+
+**DO NOT USE:**
+```kotlin
+mockkStatic(OAuth2::class)  // ❌ Fails silently on Firebase
+```
+
+**REQUIRED ALTERNATIVES:**
+
+1. **Parameter Injection (Simplest):**
+```kotlin
+// Add parameter with default value pointing to static method
+fun myFunction(
+    helper: (String) -> Int = { StaticClass.staticMethod(it) }
+) {
+    val result = helper("input")
+}
+
+// Test injects mock lambda
+myFunction(helper = { "mock result" })
+```
+
+2. **TypeAlias for Complex Static Methods:**
+```kotlin
+// Define function type
+typealias GetAuthUrl = (Boolean, URI, String, String) -> URI?
+
+// Use as parameter with default calling static method
+suspend fun authorize(
+    getAuthUrl: GetAuthUrl = { a, b, c, d -> OAuth2.getAuthUrl(a, b, c, d) }
+) { /* ... */ }
+
+// Test injects simple mock
+authorize(getAuthUrl = { _, _, _, _ -> URI("mock://url") })
+```
+
+**Rule:** Never use `mockkStatic()` in instrumented tests. Always use parameter injection to enable mocking.
+
+---
+
 ### What to Test for Each Library
 
 **SalesforceSDK (Core)**:

libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/idp/IDPAuthCodeHelper.kt

@@ -31,10 +31,11 @@ import android.webkit.WebResourceRequest
 import android.webkit.WebView
 import android.webkit.WebViewClient
 import androidx.annotation.VisibleForTesting
-import com.salesforce.androidsdk.R
+import com.salesforce.androidsdk.R.string.oauth_display_type
 import com.salesforce.androidsdk.accounts.UserAccount
 import com.salesforce.androidsdk.app.SalesforceSDKManager
 import com.salesforce.androidsdk.auth.AppAttestationClient
+import com.salesforce.androidsdk.auth.OAuth2
 import com.salesforce.androidsdk.auth.OAuth2.ATTESTATION
 import com.salesforce.androidsdk.auth.OAuth2.FRONTDOOR_URL_KEY
 import com.salesforce.androidsdk.auth.OAuth2.getAuthorizationUrl
@@ -105,51 +106,48 @@ internal class IDPAuthCodeHelper @VisibleForTesting internal constructor(
 
     /**
      * Compute relative path of authorization url for SP
-     * @param salesforceSDKManager The Salesforce SDK manager instance. This
+     * @param getAuthorizationUrl Gets the Salesforce OAuth2 authorization URL.
+     * This parameter is intended for testing purposes only. Defaults to
+     * OAuth2.getAuthorizationUrl for production use
+     * @param salesforceSdkManager The Salesforce SDK manager instance. This
      * parameter is intended for testing purposes only. Defaults to the
      * singleton instance for production use
-     * @return authorization relative path
+     * @return The authorization relative path
      */
     @VisibleForTesting
     internal suspend fun getAuthorizationPathForSP(
-        salesforceSDKManager: SalesforceSDKManager = SalesforceSDKManager.getInstance(),
-        limitTest: Boolean = false,
+        getAuthorizationUrl: GetAuthorizationUrl = { useWebServerAuthentication, useHybridAuthentication, loginServer, clientId, callbackUrl, scopes, loginHint, displayType, codeChallenge, additionalParams, sdkManager ->
+            OAuth2.getAuthorizationUrl(useWebServerAuthentication, useHybridAuthentication, loginServer, clientId, callbackUrl, scopes, loginHint, displayType, codeChallenge, additionalParams, sdkManager)
+        },
+        salesforceSdkManager: SalesforceSDKManager = SalesforceSDKManager.getInstance(),
     ): String? {
         SalesforceSDKLogger.d(TAG, "Getting authorization url")
-        val context = salesforceSDKManager.appContext
-        val useHybridAuthentication = salesforceSDKManager.useHybridAuthentication
+        val context = salesforceSdkManager.appContext
+        val useHybridAuthentication = salesforceSdkManager.useHybridAuthentication
 
-        // Add Salesforce Mobile App Attestation parameter to authorization URL if applicable.
-        if (limitTest) {
-            return null // LIMIT TEST 1
-        }
         val additionalParams = appAttestationClient?.run {
-//            val challenge = fetchMobileAppAttestationChallenge() // LIMIT TEST 1.1
-//            if (limitTest) {
-//                return null // LIMIT TEST 2
-//            }
-//            val attestation = createAppAttestation(challenge) ?: return@run null
-//            mapOf(ATTESTATION to attestation)
+            val challenge = fetchMobileAppAttestationChallenge()
+            val attestation = createAppAttestation(challenge) ?: return@run null
+            mapOf(ATTESTATION to attestation)
         }
 
-//        val authorizationUri = getAuthorizationUrl(
-//            true, // use web server flow
-//            useHybridAuthentication,
-//            URI(userAccount.loginServer),
-//            spConfig.oauthClientId,
-//            spConfig.oauthCallbackUrl,
-//            spConfig.oauthScopes,
-//            null, // Login Hint
-//            context.getString(R.string.oauth_display_type),
-//            codeChallenge,
-//            additionalParams,
-//            salesforceSDKManager
-//        )
-
-//        return authorizationUri?.let {
-//            it.path + (it.query?.let { query -> "?$query" } ?: "")
-//        } ?: null
-        return null
+        val authorizationUri = getAuthorizationUrl(
+            true, // Use web server flow
+            useHybridAuthentication,
+            URI(userAccount.loginServer),
+            spConfig.oauthClientId,
+            spConfig.oauthCallbackUrl,
+            spConfig.oauthScopes,
+            null, // Login Hint
+            context.getString(oauth_display_type),
+            codeChallenge,
+            additionalParams,
+            salesforceSdkManager
+        )
+
+        return authorizationUri?.let {
+            it.path + (it.query?.let { query -> "?$query" } ?: "")
+        }
     }
 
     fun getFrontdoorUrl(restClient:RestClient, redirectUri: String): String? {
@@ -239,4 +237,21 @@ internal class IDPAuthCodeHelper @VisibleForTesting internal constructor(
             IDPAuthCodeHelper(webView, userAccount, spConfig, codeChallenge, onResult).generateAuthCode()
         }
     }
-}
+}
+
+/**
+ * Computes a Salesforce OAuth authorization URL.
+ */
+typealias GetAuthorizationUrl = (
+    useWebServerAuthentication: Boolean,
+    useHybridAuthentication: Boolean,
+    loginServer: URI,
+    clientId: String,
+    callbackUrl: String,
+    scopes: Array<String>,
+    loginHint: String,
+    displayType: String,
+    codeChallenge: String,
+    additionalParams: Map<String, String>,
+    salesforceSdkManager: SalesforceSDKManager
+) -> URI?

libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/auth/idp/IDPAuthCodeHelperTest.kt

@@ -32,11 +32,9 @@ import androidx.test.ext.junit.runners.AndroidJUnit4
 import com.salesforce.androidsdk.accounts.UserAccount
 import com.salesforce.androidsdk.app.SalesforceSDKManager
 import com.salesforce.androidsdk.auth.AppAttestationClient
-import com.salesforce.androidsdk.auth.OAuth2
 import io.mockk.coEvery
 import io.mockk.every
 import io.mockk.mockk
-import io.mockk.mockkStatic
 import io.mockk.unmockkAll
 import kotlinx.coroutines.ExperimentalCoroutinesApi
 import kotlinx.coroutines.test.advanceUntilIdle
@@ -60,15 +58,19 @@ class IDPAuthCodeHelperTest {
         unmockkAll()
     }
 
-    @Ignore
     @OptIn(ExperimentalCoroutinesApi::class)
     @Test
     fun idpAuthCodeHelper_getAuthorizationPathForSP_whenNoAttestationClient_returnsPathAndQueryWithoutAttestation() = runTest {
 
         val mockSDKManager = createMockSalesforceSDKManager()
         val idpAuthCodeHelper = createIdpAuthCodeHelper(appAttestationClient = null)
 
-        val result = idpAuthCodeHelper.getAuthorizationPathForSP(mockSDKManager)
+        val result = idpAuthCodeHelper.getAuthorizationPathForSP(
+            getAuthorizationUrl = { _, _, _, _, _, _, _, _, _, _, _ ->
+                URI("http://www.example.com")
+            },
+            salesforceSdkManager = mockSDKManager
+        )
 
         advanceUntilIdle()
 
@@ -97,39 +99,31 @@ class IDPAuthCodeHelperTest {
         )
     }
 
-    // TODO: Prototype test. ECJ20260424
-//    @Ignore
-//    kotlinx.coroutines.test.UncompletedCoroutinesError: After waiting for 1m, the test body did not run to completion
-//    at kotlinx.coroutines.test.TestBuildersKt__TestBuildersKt$runTest$2$1$2.invokeSuspend$lambda$0(TestBuilders.kt:354)
-    @OptIn(ExperimentalCoroutinesApi::class)
+    // TODO: PROTOTYPE TEST FOR GOOGLE FIREBASE TEST LAB. ECJ20260424
     @Test
     fun idpAuthCodeHelper_getAuthorizationPathForSP_whenAttestationClientReturnsAttestation_includesAttestationInQuery() = runTest {
 
-        val mockSDKManager = createMockSalesforceSDKManager()
+        val sdkManager = createMockSalesforceSDKManager()
         val appAttestationClient = createMockAttestationClient(attestation = TEST_APP_ATTESTATION)
         val idpAuthCodeHelper = createIdpAuthCodeHelper(appAttestationClient = appAttestationClient)
 
         // Mock OAuth2.getAuthorizationUrl to return a URI with attestation in the query
-        stubOAuthAuthorizationUrl(
-            returnValue = URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH?attestation=$TEST_APP_ATTESTATION&other=params"),
-        )
-
         val result = idpAuthCodeHelper.getAuthorizationPathForSP(
-            salesforceSDKManager = mockSDKManager,
-            limitTest = true,
+            getAuthorizationUrl = { _, _, _, _, _, _, _, _, _, _, _ ->
+                URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH?attestation=$TEST_APP_ATTESTATION&other=params")
+            },
+            salesforceSdkManager = sdkManager
         )
 
-//        advanceUntilIdle() // Limit Test 1.2
-
-//        val nonNullResult = requireNotNull(result) {
-//            "Result should be non-null for a valid login server."
-//        }
-//        assertTrue(
-//            "Result should contain 'attestation=$TEST_APP_ATTESTATION' but was '$nonNullResult'.",
-//            nonNullResult.contains("attestation=$TEST_APP_ATTESTATION"),
-//        )
-        assertTrue(true)
+        advanceUntilIdle()
 
+        val nonNullResult = requireNotNull(result) {
+            "Result should be non-null for a valid login server."
+        }
+        assertTrue(
+            "Result should contain 'attestation=$TEST_APP_ATTESTATION' but was '$nonNullResult'.",
+            nonNullResult.contains("attestation=$TEST_APP_ATTESTATION"),
+        )
     }
 
     //    Your app crashed due to an ANR. Take a look at your logs to dig deeper.
@@ -138,17 +132,18 @@ class IDPAuthCodeHelperTest {
     @Test
     fun idpAuthCodeHelper_getAuthorizationPathForSP_whenCreateAppAttestationReturnsNull_excludesAttestationFromQuery() = runTest {
 
-        val mockSDKManager = createMockSalesforceSDKManager()
+        val sdkManager = createMockSalesforceSDKManager()
         val appAttestationClient = createMockAttestationClient(attestation = null)
         val idpAuthCodeHelper = createIdpAuthCodeHelper(appAttestationClient = appAttestationClient)
 
         // Mock OAuth2.getAuthorizationUrl to return a URI without attestation in the query
-        stubOAuthAuthorizationUrl(
-            returnValue = URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH?other=params")
+        val result = idpAuthCodeHelper.getAuthorizationPathForSP(
+            getAuthorizationUrl = { _, _, _, _, _, _, _, _, _, _, _ ->
+                URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH?other=params")
+            },
+            salesforceSdkManager = sdkManager
         )
 
-        val result = idpAuthCodeHelper.getAuthorizationPathForSP(mockSDKManager)
-
         advanceUntilIdle()
 
         val nonNullResult = requireNotNull(result) {
@@ -166,11 +161,15 @@ class IDPAuthCodeHelperTest {
     @Test
     fun idpAuthCodeHelper_getAuthorizationPathForSP_whenAuthorizationUrlIsNull_returnsNull() = runTest {
 
-        val mockSDKManager = createMockSalesforceSDKManager()
-        stubOAuthAuthorizationUrl(returnValue = null)
+        val sdkManager = createMockSalesforceSDKManager()
         val idpAuthCodeHelper = createIdpAuthCodeHelper(appAttestationClient = null)
 
-        val result = idpAuthCodeHelper.getAuthorizationPathForSP(mockSDKManager)
+        val result = idpAuthCodeHelper.getAuthorizationPathForSP(
+            getAuthorizationUrl = { _, _, _, _, _, _, _, _, _, _, _ ->
+                null
+            },
+            salesforceSdkManager = sdkManager
+        )
 
         advanceUntilIdle()
 
@@ -183,11 +182,15 @@ class IDPAuthCodeHelperTest {
     @Test
     fun idpAuthCodeHelper_getAuthorizationPathForSP_whenAuthorizationUrlHasNoQuery_returnsPathOnly() = runTest {
 
-        val mockSDKManager = createMockSalesforceSDKManager()
-        stubOAuthAuthorizationUrl(returnValue = URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH"))
+        val sdkManager = createMockSalesforceSDKManager()
         val idpAuthCodeHelper = createIdpAuthCodeHelper(appAttestationClient = null)
 
-        val result = idpAuthCodeHelper.getAuthorizationPathForSP(mockSDKManager)
+        val result = idpAuthCodeHelper.getAuthorizationPathForSP(
+            getAuthorizationUrl = { _, _, _, _, _, _, _, _, _, _, _ ->
+                URI("$TEST_LOGIN_SERVER$OAUTH_AUTHORIZE_PATH")
+            },
+            salesforceSdkManager = sdkManager
+        )
 
         advanceUntilIdle()
 
@@ -233,17 +236,6 @@ class IDPAuthCodeHelperTest {
         appAttestationClient = appAttestationClient,
     )
 
-    private fun stubOAuthAuthorizationUrl(returnValue: URI?) {
-        // Force OAuth2 class initialization before mocking to avoid ExceptionInInitializerError
-        OAuth2.TIMESTAMP_FORMAT
-        mockkStatic(OAuth2::class)
-        every {
-            OAuth2.getAuthorizationUrl(
-                any(), any(), any(), any(), any(), any(), any(), any(), any(), any(), any(),
-            )
-        } returns returnValue
-    }
-
     // endregion Helpers
 
     private companion object {