Throw an exception if verified age scope is passed in sign-in request through the add scopes flow.

GoogleSignIn/Sources/GIDRestrictedScopesRegistry.h

@@ -43,10 +43,10 @@
 
 /// Retrieves a dictionary mapping restricted scopes to their handling classes within a given set of scopes.
 ///
-/// @param scopes A set of scopes.
+/// @param scopes A set of scopes to lookup their handling class.
 /// @return A dictionary where restricted scopes found in the input set are mapped to their corresponding handling classes.
 ///     If no restricted scopes are found, an empty dictionary is returned.
-- (NSDictionary<NSString *, Class> *)restrictedScopeToClassMappingInSet:(NSSet<NSString *> *)scopes;
+- (NSDictionary<NSString *, Class> *)restrictedScopesToClassMappingInSet:(NSSet<NSString *> *)scopes;
 
 @end
 

GoogleSignIn/Sources/GIDRestrictedScopesRegistry.m

@@ -36,7 +36,7 @@ - (BOOL)isScopeRestricted:(NSString *)scope {
   return [self.restrictedScopes containsObject:scope];
 }
 
-- (NSDictionary<NSString *, Class> *)restrictedScopeToClassMappingInSet:(NSSet<NSString *> *)scopes {
+- (NSDictionary<NSString *, Class> *)restrictedScopesToClassMappingInSet:(NSSet<NSString *> *)scopes {
   NSMutableDictionary<NSString *, Class> *mapping = [NSMutableDictionary dictionary];
   for (NSString *scope in scopes) {
     if ([self isScopeRestricted:scope]) {

GoogleSignIn/Sources/GIDSignIn.m

@@ -145,6 +145,8 @@ @implementation GIDSignIn {
   GIDTimedLoader *_timedLoader;
   // Flag indicating developer's intent to use App Check.
   BOOL _configureAppCheckCalled;
+  // The class used to manage restricted scopes and their associated handling classes.
+  GIDRestrictedScopesRegistry *_registry;
 #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 }
 
@@ -998,18 +1000,19 @@ - (void)assertValidPresentingViewController {
 
 #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST
 - (void)assertValidScopes:(NSArray<NSString *> *)scopes {
-  GIDRestrictedScopesRegistry *registry = [[GIDRestrictedScopesRegistry alloc] init];
-  NSDictionary<NSString *, Class> *restrictedScopesMapping = [registry restrictedScopeToClassMappingInSet:[NSSet setWithArray:scopes]];
+  _registry = [[GIDRestrictedScopesRegistry alloc] init];
+  NSDictionary<NSString *, Class> *restrictedScopesMapping =
+      [_registry restrictedScopesToClassMappingInSet:[NSSet setWithArray:scopes]];
 
   if (restrictedScopesMapping.count > 0) {
     NSMutableString *errorMessage =
     [NSMutableString stringWithString:@"The following scopes are not supported in the 'addScopes' flow. "
                                        "Please use the appropriate classes to handle these:\n"];
-    for (NSString *restrictedScope in restrictedScopesMapping) {
-      Class handlingClass = restrictedScopesMapping[restrictedScope];
+    [restrictedScopesMapping enumerateKeysAndObjectsUsingBlock:^(NSString * _Nonnull restrictedScope,
+                                                                 Class  _Nonnull handlingClass,
+                                                                 BOOL * _Nonnull stop) {
       [errorMessage appendFormat:@"%@ -> %@\n", restrictedScope, NSStringFromClass(handlingClass)];
-    }
-
+    }];
     // NOLINTNEXTLINE(google-objc-avoid-throwing-exception)
     [NSException raise:NSInvalidArgumentException
                 format:@"%@", errorMessage];

GoogleSignIn/Tests/Unit/GIDRestrictedScopesRegistryTest.m

@@ -24,19 +24,21 @@ @interface GIDRestrictedScopesRegistryTest : XCTestCase
 @end
 
 @implementation GIDRestrictedScopesRegistryTest
+
 - (void)testIsScopeRestricted {
-    GIDRestrictedScopesRegistry *registry = [[GIDRestrictedScopesRegistry alloc] init];
-    BOOL isRestricted = [registry isScopeRestricted:kAccountDetailTypeAgeOver18Scope];
-    XCTAssertTrue(isRestricted);
+  GIDRestrictedScopesRegistry *registry = [[GIDRestrictedScopesRegistry alloc] init];
+  BOOL isRestricted = [registry isScopeRestricted:kAccountDetailTypeAgeOver18Scope];
+  XCTAssertTrue(isRestricted);
 }
 
-- (void)testRestrictedScopeToClassMappingInSet {
-    GIDRestrictedScopesRegistry *registry = [[GIDRestrictedScopesRegistry alloc] init];
-    NSSet<NSString *> *scopes = [NSSet setWithObjects:kAccountDetailTypeAgeOver18Scope, @"some_other_scope", nil];
-    NSDictionary<NSString *, Class> *mapping = [registry restrictedScopeToClassMappingInSet:scopes];
-
-    XCTAssertEqual(mapping.count, 1);
-    XCTAssertEqualObjects(mapping[kAccountDetailTypeAgeOver18Scope], [GIDVerifyAccountDetail class]);
+- (void)testRestrictedScopesToClassMappingInSet {
+  GIDRestrictedScopesRegistry *registry = [[GIDRestrictedScopesRegistry alloc] init];
+  NSSet<NSString *> *scopes = [NSSet setWithObjects:kAccountDetailTypeAgeOver18Scope, @"some_other_scope", nil];
+  NSDictionary<NSString *, Class> *mapping = [registry restrictedScopesToClassMappingInSet:scopes];
+
+  XCTAssertEqual(mapping.count, 1);
+  XCTAssertEqualObjects(mapping[kAccountDetailTypeAgeOver18Scope], [GIDVerifyAccountDetail class]);
+  XCTAssertNil(mapping[@"some_other_scope"]);
 }
 
 @end