feat(ios/macos): return serverAuthCode for offline access

crate-ios/swift/google_auth_bridge.swift

@@ -39,7 +39,7 @@ private func emit(
     json.withCString { ptr in callback(ctx, ptr) }
 }
 
-private func serializeUser(_ user: GIDGoogleUser) -> String {
+private func serializeUser(_ user: GIDGoogleUser, serverAuthCode: String? = nil) -> String {
     // Hand-rolled JSON to avoid pulling Foundation's JSONSerialization
     // through a wrapper — the field set is fixed and small.
     func escape(_ s: String) -> String {
@@ -85,6 +85,12 @@ private func serializeUser(_ user: GIDGoogleUser) -> String {
        let url = profile?.imageURL(withDimension: 256)?.absoluteString {
         fields.append("\"pictureUrl\":\"\(escape(url))\"")
     }
+    // Offline-access auth code (present when a serverClientID is configured).
+    // The server exchanges it for a refresh token so it can keep calling
+    // Google APIs after the access token expires.
+    if let code = serverAuthCode, !code.isEmpty {
+        fields.append("\"serverAuthCode\":\"\(escape(code))\"")
+    }
     return "{\(fields.joined(separator: ","))}"
 }
 
@@ -215,7 +221,7 @@ private func handleSignInResult(
         emit(ctx, callback, failureJson("no-user-returned"))
         return
     }
-    emit(ctx, callback, serializeUser(user))
+    emit(ctx, callback, serializeUser(user, serverAuthCode: result?.serverAuthCode))
 }
 
 @_cdecl("perry_google_auth_bridge_silent_sign_in")

src/index.ts

@@ -57,6 +57,8 @@ export type GoogleSignInResult =
       idToken: string;
       /** OAuth access token; only present on flows where the user granted scope(s) that require it. */
       accessToken?: string;
+      /** One-time server auth code (offline access); present when a serverClientID is configured. Exchange server-side for a refresh token. */
+      serverAuthCode?: string;
       /** Stable Google user id (`sub`). */
       userId: string;
       email: string;