fix: Replace java.util.Base64 with android.util.Base64 for backwards compatibility

[RickyJam]

Summary

This PR replaces the usage of java.util.Base64 with android.util.Base64 to ensure full compatibility across all supported Android API levels.

Problem

• java.util.Base64 is not available to android SDK < 26, but the minSdk is 24. This results in java.lang.NoClassDefFoundError: java.util.Base64 that stops google auth process.

Proposed Solution

• replace the current java.util.Base64 with the most appropriate andorid.util.Base64 in order to grant backwards compatibility to < 26 android versions.

Testing

• Tested on devices/emulators with API < 26 and API ≥ 26

Summary by CodeRabbit

• Bug Fixes
  • Improved Android authentication token handling for enhanced platform compatibility and reliability by updating token processing to use native Android utilities.

[coderabbitai]

📝 Walkthrough

Walkthrough

The Google Auth module's Base64 decoding strategy was updated from Java's standard getUrlDecoder() to Android's utility Base64 decoder with the NO_WRAP flag. Unused imports (java.util.Date, java.util.concurrent.TimeUnit, Context) were removed, and import sources were adjusted accordingly.

Changes

Cohort / File(s)	Summary
Google Auth Base64 Decoder Refactor android/src/main/java/com/googleauth/GoogleAuthModule.kt	Replaced Base64 decoding from java.util.Base64.getUrlDecoder().decode() to android.util.Base64.decode(..., Base64.NO_WRAP) for ID token payload parsing in expiration and email extraction functions. Removed unused imports and updated import sources.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A decoder swap, so swift and neat,
From Java's ways to Android's beat,
Base64 NO_WRAP takes the stage,
Unused imports cleared from the page—
Tokens decoded, cleaner and bright! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main change: replacing java.util.Base64 with android.util.Base64 for backwards compatibility, which directly addresses the core issue in the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@android/src/main/java/com/googleauth/GoogleAuthModule.kt`:
- Line 883: The Base64 decoding here uses Base64.NO_WRAP which fails for
base64url JWT payloads; update the decode call in GoogleAuthModule.kt (the line
building payload from parts[1]) to use Base64.URL_SAFE instead of
Base64.NO_WRAP, matching the fix used in parseTokenExpiration so JWTs encoded
with URL-safe base64 decode correctly.
- Line 867: The JWT payload decoding in GoogleAuthModule (the line creating the
payload variable from parts[1]) uses android.util.Base64.decode with
Base64.NO_WRAP which is incorrect for base64url JWTs; update the Base64.decode
call to use Base64.URL_SAFE (e.g., replace Base64.NO_WRAP with Base64.URL_SAFE)
or switch to java.util.Base64.getUrlDecoder().decode(parts[1]) so the URL-safe
alphabet is handled correctly and padding/unwrap issues are avoided.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Bug: Base64.NO_WRAP does not handle URL-safe Base64 — JWT payloads use base64url encoding.

JWTs encode their payload using base64url (RFC 7515), which substitutes + → - and / → _. The previous code correctly used java.util.Base64.getUrlDecoder(). Replacing it with android.util.Base64.decode(..., Base64.NO_WRAP) uses the standard alphabet and will silently produce corrupted output (or throw) whenever the payload contains - or _ characters.

Use Base64.URL_SAFE (which also implies no wrap/padding handling) instead:

Proposed fix

-        val payload = String(Base64.decode(parts[1], Base64.NO_WRAP))
+        val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	val payload = String(Base64.decode(parts[1], Base64.NO_WRAP))
	val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@android/src/main/java/com/googleauth/GoogleAuthModule.kt` at line 867, The
JWT payload decoding in GoogleAuthModule (the line creating the payload variable
from parts[1]) uses android.util.Base64.decode with Base64.NO_WRAP which is
incorrect for base64url JWTs; update the Base64.decode call to use
Base64.URL_SAFE (e.g., replace Base64.NO_WRAP with Base64.URL_SAFE) or switch to
java.util.Base64.getUrlDecoder().decode(parts[1]) so the URL-safe alphabet is
handled correctly and padding/unwrap issues are avoided.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Same base64url bug as parseTokenExpiration — use Base64.URL_SAFE here too.

Proposed fix

-        val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))
+        val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))

(Ensure this line reads Base64.URL_SAFE instead of Base64.NO_WRAP.)

-        val payload = String(Base64.decode(parts[1], Base64.NO_WRAP))
+        val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	val payload = String(Base64.decode(parts[1], Base64.NO_WRAP))
	val payload = String(Base64.decode(parts[1], Base64.URL_SAFE))

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@android/src/main/java/com/googleauth/GoogleAuthModule.kt` at line 883, The
Base64 decoding here uses Base64.NO_WRAP which fails for base64url JWT payloads;
update the decode call in GoogleAuthModule.kt (the line building payload from
parts[1]) to use Base64.URL_SAFE instead of Base64.NO_WRAP, matching the fix
used in parseTokenExpiration so JWTs encoded with URL-safe base64 decode
correctly.

[RickyJam]

Fixing coderabbitai suggestion Base64.URL_SAFE flag