[google_sign_in_android] Update android libraries

[davidmartos96]

Updates the Google Credentials dependencies

Fixes flutter/flutter#186395

This piece of code has been updated as the requestOfflineAccess method was deprecated: https://developers.google.com/android/reference/com/google/android/gms/auth/api/identity/AuthorizationRequest.Builder#public-authorizationrequest.builder-requestofflineaccess-string-serverclientid,-boolean-forcecodeforrefreshtoken

Pre-Review Checklist

• I read the Contributor Guide and followed the process outlined there for submitting PRs.
• I read the AI contribution guidelines and understand my responsibilities, or I am not using AI tools.
• I read the Tree Hygiene page, which explains my responsibilities.
• I read and followed the relevant style guides and ran the auto-formatter.
• I signed the CLA.
• The title of the PR starts with the name of the package surrounded by square brackets, e.g. [shared_preferences]
• I linked to at least one issue that this PR fixes in the description above.
• I followed the version and CHANGELOG instructions, using semantic versioning and the repository CHANGELOG style, or I have commented below to indicate which documented exception this PR falls under¹.
• I updated/added any relevant documentation (doc comments with ///).
• I added new tests to check the change I am making, or I have commented below to indicate which test exemption this PR falls under¹.
• All existing and new tests are passing.

If you need help, consider asking for advice on the #hackers-new channel on Discord.

Note: The Flutter team is currently trialing the use of Gemini Code Assist for GitHub. Comments from the gemini-code-assist bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed.

Footnotes

1. Regular contributors who have demonstrated familiarity with the repository guidelines only need to comment if the PR is not auto-exempted by repo tooling. ↩ ↩²

[flutter-dashboard]

It looks like this pull request may not have tests. Please make sure to add tests or get an explicit test exemption before merging.

If you are not sure if you need tests, consider this rule of thumb: the purpose of a test is to make sure someone doesn't accidentally revert the fix. Ask yourself, is there anything in your PR that you feel it is important we not accidentally revert back to how it was before your fix?

Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. If you believe this PR qualifies for a test exemption, contact "@test-exemption-reviewer" in the #hackers channel in Discord (don't just cc them here, they won't see it!). The test exemption team is a small volunteer group, so all reviewers should feel empowered to ask for tests, without delegating that responsibility entirely to the test exemption group.

[gemini-code-assist]

Code Review

This pull request updates the google_sign_in_android package to version 7.2.11, bumping several Android dependencies including AndroidX Credentials, Play Services Auth, and Android Identity GoogleID. The authorize implementation in GoogleSignInPlugin.java is updated to use setPrompt for forced refresh tokens, replacing a deprecated requestOfflineAccess method. Review feedback suggests extracting the server client ID to a local variable for improved readability and ensuring the logic changes are documented in the CHANGELOG.

[gemini-code-assist]

The migration from the deprecated requestOfflineAccess(String, boolean) to requestOfflineAccess(String) and setPrompt(AuthorizationRequest.Prompt.CONSENT) is correct for forcing a refresh token. However, for better readability and to avoid multiple calls to the getter, consider extracting the server client ID to a local variable.

        String serverClientId = params.getServerClientIdForForcedRefreshToken();
        if (serverClientId != null) {
          authorizationRequestBuilder.requestOfflineAccess(serverClientId);
          // This requests a new refresh token
          authorizationRequestBuilder.setPrompt(AuthorizationRequest.Prompt.CONSENT);
        }

[gemini-code-assist]

While the dependency bumps are listed, the logic change in GoogleSignInPlugin.java (migrating to setPrompt for forced refresh tokens) should also be mentioned in the CHANGELOG to inform users of the implementation update, even if the intended behavior remains the same.

Suggested change

	* Bumps AndroidX Credentials to v1.6.0
	* Bumps Play Services Auth to v21.5.1
	* Bumps Android Identity GoogleID to v1.2.0
	* Bumps AndroidX Credentials to v1.6.0
	* Bumps Play Services Auth to v21.5.1
	* Bumps Android Identity GoogleID to v1.2.0
	* Updates `authorize` implementation to use `setPrompt` for forced refresh tokens.

[reidbaker]

Hey @davidmartos96 what manual testing (if any) did you do as part of this pr?

[davidmartos96]

@reidbaker Hello! I've tested it with my own app that integrates Google Sign In, but I've also copied the example code and tried it out, including the generation of the server auth code.

Sign In, Request scopes, Server auth code and SIgn Out

[reidbaker]

@davidmartos96 awesome I will get this reviewed today.

[reidbaker]

For future me if I need to look at this pr.
Here is the changelog that matters (I initially started with jetpack credential manager)
https://developers.google.com/android/guides/releases#january_07_2026

This pr is doing exactly what the documentation suggests. https://developers.google.com/android/reference/com/google/android/gms/auth/api/identity/AuthorizationRequest.Builder#requestOfflineAccess(java.lang.String,%20boolean)

[reidbaker]

Comment added for how to fix presubmit issues.