feat(ios/macos): return serverAuthCode for offline access #1

Open. proggeramlug wants to merge 1 commit into main from feat/ios-server-auth-code

@proggeramlug proggeramlug commented Jun 15, 2026

What

Surface Google's one-time serverAuthCode on the success result of js_google_auth_sign_in() (iOS + macOS).

GIDSignInResult.serverAuthCode is populated by the GoogleSignIn SDK whenever a serverClientID is configured (we already set it from GIDServerClientID in loadConfiguration). We just weren't returning it.

const r = JSON.parse(await js_google_auth_sign_in()) as GoogleSignInResult
if (r.success) {
  // r.serverAuthCode → POST to your backend → exchange for a refresh token
}

Why

Native clients currently only ever get a short-lived (~1h) access token. Any server-side data sync — in our case Google Search Console — works right after linking, then breaks once the token expires, because the backend has no refresh token and no way to obtain one.

The standard fix is offline access: the SDK hands the app a serverAuthCode, the app sends it to the backend, and the backend exchanges it (grant_type=authorization_code, client secret) for a refresh token. This PR exposes the code so that flow is possible.

Changes

  • crate-ios/swift/google_auth_bridge.swift
    • serializeUser(_:serverAuthCode:) appends "serverAuthCode" to the JSON when non-empty.
    • handleSignInResult passes result?.serverAuthCode. Both the iOS (UIViewController) and macOS (NSWindow) interactive paths route through handleSignInResult, so both are covered.
    • Silent restore (restorePreviousSignIn) omits it — no new auth code is issued on a silent restore.
  • src/index.ts — add serverAuthCode?: string to the success: true variant of GoogleSignInResult, documented as offline-access / exchange-server-side.

Notes

  • Backwards-compatible: the field is optional and only present when a serverClientID is configured and the SDK returns a code.
  • Android (crate-android) uses Credential Manager, which surfaces an ID token rather than an auth code; offline access there is a separate mechanism (AuthorizationClient) and is out of scope for this PR.

Testing

Verified end-to-end in a downstream app (GSC Master): with this change the app receives serverAuthCode, the backend exchanges it for a refresh token, and Search Console data continues loading after the access token expires (previously the dashboard went empty ~1h after linking).

Summary by CodeRabbit

  • New Features
    • Google Sign-In now includes an optional serverAuthCode field in sign-in results when a server client ID is configured. This authorization code can be securely exchanged on your backend server for refresh tokens, enabling more robust session management and improved authentication workflows.
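The backend half of the offline-access flow described in this PR, as an added example that is not part of the PR or the project's code. `OAuthConfig`, `HttpPost`, `ExchangeResult` and the function names are hypothetical, the HTTP client is injected so the block runs offline, and the empty `redirect_uri` is an assumption about how the server client is registered.

```typescript
// Added example: backend-side exchange of the one-time serverAuthCode.
// TOKEN_URL is Google's OAuth 2.0 token endpoint; all other names are hypothetical.
const TOKEN_URL = "https://oauth2.googleapis.com/token";

interface OAuthConfig { clientId: string; clientSecret: string } // the *server* client, never shipped in the app
type HttpPost = (url: string, formBody: string) => Promise<{ status: number; json: unknown }>;

type ExchangeResult =
  | { ok: true; refreshToken: string; accessToken: string; expiresIn: number }
  | { ok: false; reason: "invalid_grant" | "no_refresh_token" | "error" };

// Form-encode the authorization_code grant. The client secret lives only on the backend.
function buildTokenRequest(serverAuthCode: string, cfg: OAuthConfig): string {
  const fields: [string, string][] = [
    ["grant_type", "authorization_code"],
    ["code", serverAuthCode],
    ["client_id", cfg.clientId],
    ["client_secret", cfg.clientSecret],
    ["redirect_uri", ""], // assumption: empty for a code issued to a native SDK
  ];
  return fields.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join("&");
}

function parseTokenResponse(status: number, json: unknown): ExchangeResult {
  const body = (typeof json === "object" && json !== null ? json : {}) as Record<string, unknown>;
  if (status !== 200) {
    // invalid_grant: the code was already redeemed, expired, or issued to another client.
    return { ok: false, reason: body.error === "invalid_grant" ? "invalid_grant" : "error" };
  }
  const { refresh_token, access_token, expires_in } = body;
  if (typeof access_token !== "string" || typeof expires_in !== "number") {
    return { ok: false, reason: "error" };
  }
  // Without a refresh token the sync would still stop once the access token expires.
  if (typeof refresh_token !== "string" || refresh_token === "") {
    return { ok: false, reason: "no_refresh_token" };
  }
  return { ok: true, refreshToken: refresh_token, accessToken: access_token, expiresIn: expires_in };
}

async function exchangeServerAuthCode(code: string, cfg: OAuthConfig, post: HttpPost): Promise<ExchangeResult> {
  if (code.trim() === "") return { ok: false, reason: "error" }; // the field is optional on the client
  const res = await post(TOKEN_URL, buildTokenRequest(code, cfg));
  return parseTokenResponse(res.status, res.json); // never log `code`, the secret or the tokens
}
```

Store the returned refresh token server-side only; the client should receive nothing more than a success or failure signal from this endpoint.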

GIDSignInResult carries a one-time server auth code when a serverClientID
is configured (GIDServerClientID). Surface it as `serverAuthCode` on the
success result so a backend can exchange it for a refresh token and keep
calling Google APIs after the short-lived access token expires.

Without this, native clients only ever receive a ~1h access token, so any
server-side data sync (e.g. Search Console) breaks once it expires. The
interactive iOS + macOS paths both route through handleSignInResult, so
both now include the code; silent restore omits it (no new code is issued).

coderabbitai Bot commented Jun 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 1f450339-b99f-4844-8778-300b761bf926

📥 Commits

Reviewing files that changed from the base of the PR and between fa60976 and 913f400.

📒 Files selected for processing (2)
  • crate-ios/swift/google_auth_bridge.swift
  • src/index.ts

📝 Walkthrough

The Swift iOS bridge's serializeUser helper gains an optional serverAuthCode parameter that conditionally appends a "serverAuthCode" JSON field when present and non-empty. handleSignInResult now passes result?.serverAuthCode to that helper. The TypeScript GoogleSignInResult success type adds a matching optional serverAuthCode?: string field.

Changes

serverAuthCode in sign-in result

| Layer / File(s) | Summary |
| --- | --- |
| TypeScript result type contract (src/index.ts) | Adds optional documented serverAuthCode?: string field to the success: true variant of GoogleSignInResult. |
| Swift bridge serialization and sign-in wiring (crate-ios/swift/google_auth_bridge.swift) | serializeUser signature updated to accept optional serverAuthCode; conditional JSON field emission added; handleSignInResult call site updated to forward result?.serverAuthCode. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐇 Hippity hop, a new code field appears,
A serverAuthCode to exchange for good cheer!
The Swift bridge now passes it down with a wink,
TypeScript receives it — no missing link.
The rabbit stamps "approved" with a wiggle of ears! ✅

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'feat(ios/macos): return serverAuthCode for offline access' directly and accurately describes the main change: adding serverAuthCode return functionality to iOS/macOS platforms for offline access support. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
