feat: add Facebook sign-out functionality (#2287)

* feat: add Facebook sign-out functionality

* fix: update placeholders in strings.xml

* fix: make Facebook sign-out testable and add provider-specific sign-out tests

* fix: show specific Firebase error message for InvalidCredentialsException in recovery dialog

---------

Co-authored-by: Rosário P. Fernandes <[email protected]>

Author: demolaf

app/src/main/res/values/strings.xml

@@ -1,10 +1,10 @@
 <resources>
     <string name="app_name">FirebaseUI Demo</string>
 
-    <string name="firebase_web_host" translatable="false">flutterfire-e2e-tests.firebaseapp.com</string>
+    <string name="firebase_web_host" translatable="false">CHANGE-HERE</string>
 
     <!-- Facebook SDK Configuration -->
-    <string name="facebook_application_id" translatable="false">128693022464535</string>
-    <string name="facebook_login_protocol_scheme" translatable="false">fb128693022464535</string>
-    <string name="facebook_client_token" translatable="false">16dbbdf0cfb309034a6ad98ac2a21688</string>
+    <string name="facebook_application_id" translatable="false">APP-ID</string>
+    <string name="facebook_login_protocol_scheme" translatable="false">fbAPP-ID</string>
+    <string name="facebook_client_token" translatable="false">CHANGE-HERE</string>
 </resources>

auth/src/main/java/com/firebase/ui/auth/FirebaseAuthUI.kt

@@ -19,6 +19,7 @@ import android.content.Intent
 import androidx.annotation.RestrictTo
 import com.firebase.ui.auth.configuration.AuthUIConfiguration
 import com.firebase.ui.auth.configuration.auth_provider.AuthProvider
+import com.firebase.ui.auth.configuration.auth_provider.signOutFromFacebook
 import com.firebase.ui.auth.configuration.auth_provider.signOutFromGoogle
 import com.google.firebase.FirebaseApp
 import com.google.firebase.auth.FirebaseAuth
@@ -77,6 +78,9 @@ class FirebaseAuthUI private constructor(
     @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP)
     var testCredentialManagerProvider: AuthProvider.Google.CredentialManagerProvider? = null
 
+    @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP)
+    var testLoginManagerProvider: AuthProvider.Facebook.LoginManagerProvider? = null
+
     /**
      * Checks whether a user is currently signed in.
      *
@@ -367,6 +371,7 @@ class FirebaseAuthUI private constructor(
             auth.signOut()
                 .also {
                     signOutFromGoogle(context)
+                    signOutFromFacebook()
                 }
 
             // Update state to idle (user signed out)

auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/AuthProvider.kt

@@ -21,6 +21,7 @@ import android.util.Log
 import androidx.annotation.RestrictTo
 import androidx.compose.ui.graphics.Color
 import androidx.core.net.toUri
+import androidx.credentials.ClearCredentialStateRequest
 import androidx.credentials.CredentialManager
 import androidx.credentials.GetCredentialRequest
 import androidx.datastore.preferences.core.stringPreferencesKey
@@ -568,6 +569,11 @@ abstract class AuthProvider(open val providerId: String, open val providerName:
                 filterByAuthorizedAccounts: Boolean,
                 autoSelectEnabled: Boolean
             ): GoogleSignInResult
+
+            suspend fun clearCredentialState(
+                context: Context,
+                credentialManager: CredentialManager,
+            )
         }
 
         /**
@@ -604,6 +610,13 @@ abstract class AuthProvider(open val providerId: String, open val providerName:
                     photoUrl = googleIdTokenCredential.profilePictureUri,
                 )
             }
+
+            override suspend fun clearCredentialState(
+                context: Context,
+                credentialManager: CredentialManager,
+            ) {
+                credentialManager.clearCredentialState(ClearCredentialStateRequest())
+            }
         }
     }
 
@@ -655,21 +668,28 @@ abstract class AuthProvider(open val providerId: String, open val providerName:
         }
 
         /**
-         * An interface to wrap the static `FacebookAuthProvider.getCredential` method to make it testable.
+         * An interface to wrap Facebook LoginManager and credential operations to make them testable.
          * @suppress
          */
-        internal interface CredentialProvider {
+        @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP)
+        interface LoginManagerProvider {
             fun getCredential(token: String): AuthCredential
+            fun logOut()
         }
 
         /**
-         * The default implementation of [CredentialProvider] that calls the static method.
+         * The default implementation of [LoginManagerProvider].
          * @suppress
          */
-        internal class DefaultCredentialProvider : CredentialProvider {
+        @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP)
+        class DefaultLoginManagerProvider : LoginManagerProvider {
             override fun getCredential(token: String): AuthCredential {
                 return FacebookAuthProvider.getCredential(token)
             }
+
+            override fun logOut() {
+                com.facebook.login.LoginManager.getInstance().logOut()
+            }
         }
 
         /**

auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/FacebookAuthProvider+FirebaseAuthUI.kt

@@ -144,7 +144,7 @@ internal suspend fun FirebaseAuthUI.signInWithFacebook(
     config: AuthUIConfiguration,
     provider: AuthProvider.Facebook,
     accessToken: AccessToken,
-    credentialProvider: AuthProvider.Facebook.CredentialProvider = AuthProvider.Facebook.DefaultCredentialProvider(),
+    credentialProvider: AuthProvider.Facebook.LoginManagerProvider = AuthProvider.Facebook.DefaultLoginManagerProvider(),
 ) {
     try {
         updateAuthState(
@@ -210,3 +210,23 @@ internal suspend fun FirebaseAuthUI.signInWithFacebook(
     }
 }
 
+/**
+ * Signs out the current user from Facebook.
+ *
+ * Invokes Facebook's LoginManager to log out the user from their Facebook session.
+ * This method silently catches and ignores any exceptions that may occur during the
+ * logout process to ensure the sign-out flow continues even if Facebook logout fails.
+ *
+ * This is typically called as part of the overall sign-out flow when a user signs out
+ * from Firebase Authentication.
+ */
+internal fun FirebaseAuthUI.signOutFromFacebook(
+    loginManagerProvider: AuthProvider.Facebook.LoginManagerProvider = AuthProvider.Facebook.DefaultLoginManagerProvider(),
+) {
+    try {
+        if (Provider.fromId(getCurrentUser()?.providerId) != Provider.FACEBOOK) return
+        (testLoginManagerProvider ?: loginManagerProvider).logOut()
+    } catch (e: Exception) {
+        Log.e("FacebookAuthProvider", "Error during Facebook sign out", e)
+    }
+}

auth/src/main/java/com/firebase/ui/auth/configuration/auth_provider/GoogleAuthProvider+FirebaseAuthUI.kt

@@ -1,10 +1,10 @@
 package com.firebase.ui.auth.configuration.auth_provider
 
 import android.content.Context
+import android.util.Log
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.remember
 import androidx.compose.runtime.rememberCoroutineScope
-import androidx.credentials.ClearCredentialStateRequest
 import androidx.credentials.CredentialManager
 import androidx.credentials.exceptions.GetCredentialException
 import androidx.credentials.exceptions.NoCredentialException
@@ -161,7 +161,7 @@ internal suspend fun FirebaseAuthUI.signInWithGoogle(
                     providerId = provider.providerId,
                     identifier = identifier
                 )
-                android.util.Log.d("GoogleAuthProvider", "Sign-in preference saved for: $identifier")
+                Log.d("GoogleAuthProvider", "Sign-in preference saved for: $identifier")
             }
         } catch (e: Exception) {
             // Failed to save preference - log but don't break auth flow
@@ -216,13 +216,17 @@ internal suspend fun FirebaseAuthUI.signInWithGoogle(
  *
  * @param context Android context for Credential Manager
  */
-internal suspend fun signOutFromGoogle(context: Context) {
+internal suspend fun FirebaseAuthUI.signOutFromGoogle(
+    context: Context,
+    credentialManagerProvider: AuthProvider.Google.CredentialManagerProvider = AuthProvider.Google.DefaultCredentialManagerProvider(),
+) {
     try {
-        val credentialManager = CredentialManager.create(context)
-        credentialManager.clearCredentialState(
-            ClearCredentialStateRequest()
+        if (Provider.fromId(getCurrentUser()?.providerId) != Provider.GOOGLE) return
+        (testCredentialManagerProvider ?: credentialManagerProvider).clearCredentialState(
+            context = context,
+            credentialManager = CredentialManager.create(context)
         )
-    } catch (_: Exception) {
-
+    } catch (e: Exception) {
+        Log.e("GoogleAuthProvider", "Error during Google sign out", e)
     }
 }

auth/src/main/java/com/firebase/ui/auth/ui/components/ErrorRecoveryDialog.kt

@@ -126,7 +126,11 @@ private fun getRecoveryMessage(
 ): String {
     return when (error) {
         is AuthException.NetworkException -> stringProvider.networkErrorRecoveryMessage
-        is AuthException.InvalidCredentialsException -> stringProvider.invalidCredentialsRecoveryMessage
+        is AuthException.InvalidCredentialsException -> {
+            // Use the actual error message from Firebase if available, otherwise fallback to generic message
+            error.message?.takeIf { it.isNotBlank() && it != "Invalid credentials provided" }
+                ?: stringProvider.invalidCredentialsRecoveryMessage
+        }
         is AuthException.UserNotFoundException -> stringProvider.userNotFoundRecoveryMessage
         is AuthException.WeakPasswordException -> {
             // Include specific reason if available

auth/src/test/java/com/firebase/ui/auth/FirebaseAuthUITest.kt

@@ -18,6 +18,7 @@ import android.content.Context
 import android.content.Intent
 import android.net.Uri
 import androidx.test.core.app.ApplicationProvider
+import com.firebase.ui.auth.configuration.auth_provider.AuthProvider
 import com.google.android.gms.tasks.TaskCompletionSource
 import com.google.common.truth.Truth.assertThat
 import com.google.firebase.FirebaseApp
@@ -26,6 +27,7 @@ import com.google.firebase.FirebaseOptions
 import com.google.firebase.auth.FirebaseAuth
 import com.google.firebase.auth.FirebaseAuthRecentLoginRequiredException
 import com.google.firebase.auth.FirebaseUser
+import com.google.firebase.auth.UserInfo
 import kotlinx.coroutines.CancellationException
 import kotlinx.coroutines.test.runTest
 import org.junit.After
@@ -401,6 +403,156 @@ class FirebaseAuthUITest {
         }
     }
 
+    @Test
+    fun `signOut() calls Google sign out when user provider is Google`() = runTest {
+        // Setup mock user with Google provider
+        val mockUser = mock(FirebaseUser::class.java)
+        val mockUserInfo = mock(UserInfo::class.java)
+        `when`(mockUserInfo.providerId).thenReturn("google.com")
+        `when`(mockUser.providerId).thenReturn("google.com")
+        `when`(mockUser.providerData).thenReturn(listOf(mockUserInfo))
+
+        // Setup mock auth
+        val mockAuth = mock(FirebaseAuth::class.java)
+        `when`(mockAuth.currentUser).thenReturn(mockUser)
+        doNothing().`when`(mockAuth).signOut()
+
+        // Create mock credential manager provider
+        var googleSignOutCalled = false
+        val mockCredentialManagerProvider = object : AuthProvider.Google.CredentialManagerProvider {
+            override suspend fun getGoogleCredential(
+                context: Context,
+                credentialManager: androidx.credentials.CredentialManager,
+                serverClientId: String,
+                filterByAuthorizedAccounts: Boolean,
+                autoSelectEnabled: Boolean,
+            ): AuthProvider.Google.GoogleSignInResult {
+                throw UnsupportedOperationException("Not used in this test")
+            }
+
+            override suspend fun clearCredentialState(
+                context: Context,
+                credentialManager: androidx.credentials.CredentialManager,
+            ) {
+                googleSignOutCalled = true
+            }
+        }
+
+        // Create instance with mock auth and inject test provider
+        val instance = FirebaseAuthUI.create(defaultApp, mockAuth)
+        instance.testCredentialManagerProvider = mockCredentialManagerProvider
+        val context = ApplicationProvider.getApplicationContext<Context>()
+
+        // Perform sign out
+        instance.signOut(context)
+
+        // Verify Google sign out was called
+        assertThat(googleSignOutCalled).isTrue()
+        verify(mockAuth).signOut()
+    }
+
+    @Test
+    fun `signOut() calls Facebook sign out when user provider is Facebook`() = runTest {
+        // Setup mock user with Facebook provider
+        val mockUser = mock(FirebaseUser::class.java)
+        val mockUserInfo = mock(UserInfo::class.java)
+        `when`(mockUserInfo.providerId).thenReturn("facebook.com")
+        `when`(mockUser.providerId).thenReturn("facebook.com")
+        `when`(mockUser.providerData).thenReturn(listOf(mockUserInfo))
+
+        // Setup mock auth
+        val mockAuth = mock(FirebaseAuth::class.java)
+        `when`(mockAuth.currentUser).thenReturn(mockUser)
+        doNothing().`when`(mockAuth).signOut()
+
+        // Create mock login manager provider
+        var facebookSignOutCalled = false
+        val mockLoginManagerProvider = object : AuthProvider.Facebook.LoginManagerProvider {
+            override fun getCredential(token: String): com.google.firebase.auth.AuthCredential {
+                throw UnsupportedOperationException("Not used in this test")
+            }
+
+            override fun logOut() {
+                facebookSignOutCalled = true
+            }
+        }
+
+        // Create instance with mock auth and inject test provider
+        val instance = FirebaseAuthUI.create(defaultApp, mockAuth)
+        instance.testLoginManagerProvider = mockLoginManagerProvider
+        val context = ApplicationProvider.getApplicationContext<Context>()
+
+        // Perform sign out
+        instance.signOut(context)
+
+        // Verify Facebook sign out was called
+        assertThat(facebookSignOutCalled).isTrue()
+        verify(mockAuth).signOut()
+    }
+
+    @Test
+    fun `signOut() does not call Google or Facebook sign out when user provider is Email`() =
+        runTest {
+            // Setup mock user with Email provider
+            val mockUser = mock(FirebaseUser::class.java)
+            val mockUserInfo = mock(UserInfo::class.java)
+            `when`(mockUserInfo.providerId).thenReturn("password")
+            `when`(mockUser.providerId).thenReturn("password")
+            `when`(mockUser.providerData).thenReturn(listOf(mockUserInfo))
+
+            // Setup mock auth
+            val mockAuth = mock(FirebaseAuth::class.java)
+            `when`(mockAuth.currentUser).thenReturn(mockUser)
+            doNothing().`when`(mockAuth).signOut()
+
+            // Create mock providers
+            var googleSignOutCalled = false
+            val mockCredentialManagerProvider =
+                object : AuthProvider.Google.CredentialManagerProvider {
+                    override suspend fun getGoogleCredential(
+                        context: Context,
+                        credentialManager: androidx.credentials.CredentialManager,
+                        serverClientId: String,
+                        filterByAuthorizedAccounts: Boolean,
+                        autoSelectEnabled: Boolean,
+                    ): AuthProvider.Google.GoogleSignInResult {
+                        throw UnsupportedOperationException("Not used in this test")
+                    }
+
+                    override suspend fun clearCredentialState(
+                        context: Context,
+                        credentialManager: androidx.credentials.CredentialManager,
+                    ) {
+                        googleSignOutCalled = true
+                    }
+                }
+
+            var facebookSignOutCalled = false
+            val mockLoginManagerProvider = object : AuthProvider.Facebook.LoginManagerProvider {
+                override fun getCredential(token: String): com.google.firebase.auth.AuthCredential {
+                    throw UnsupportedOperationException("Not used in this test")
+                }
+
+                override fun logOut() {
+                    facebookSignOutCalled = true
+                }
+            }
+
+            // Create instance with mock auth and inject test providers
+            val instance = FirebaseAuthUI.create(defaultApp, mockAuth)
+            instance.testCredentialManagerProvider = mockCredentialManagerProvider
+            instance.testLoginManagerProvider = mockLoginManagerProvider
+            val context = ApplicationProvider.getApplicationContext<Context>()
+
+            // Perform sign out
+            instance.signOut(context)
+
+            // Verify neither Google nor Facebook sign out was called
+            assertThat(googleSignOutCalled).isFalse()
+            assertThat(facebookSignOutCalled).isFalse()
+            verify(mockAuth).signOut()
+        }
+
     // =============================================================================================
     // Delete Account Tests
     // =============================================================================================

auth/src/test/java/com/firebase/ui/auth/configuration/auth_provider/FacebookAuthProviderFirebaseAuthUI.kt

@@ -65,7 +65,7 @@ class FacebookAuthProviderFirebaseAuthUITest {
     private lateinit var mockFirebaseAuth: FirebaseAuth
 
     @Mock
-    private lateinit var mockFBAuthCredentialProvider: AuthProvider.Facebook.CredentialProvider
+    private lateinit var mockFBAuthCredentialProvider: AuthProvider.Facebook.LoginManagerProvider
 
     private lateinit var firebaseApp: FirebaseApp
     private lateinit var applicationContext: Context