auth0 / Auth0.Android

Android toolkit for Auth0 API
https://auth0.com
MIT License

Return refreshed Credentials in CredentialsManagerException to avoid logout #666

Closed poovamraj closed 1 year ago

poovamraj commented 1 year ago

Changes

To avoid logout because of not storing the refreshed credentials, we are providing the Credentials back to the user through our Exception.

Since Exceptions are highly logged, we are masking sensitive data from them to avoid exposing it.

References

https://github.com/auth0/Auth0.Android/issues/661

Testing

bennycao commented 1 year ago

Hi @poovamraj, just want to understand what it means by the comment here https://github.com/auth0/Auth0.Android/blob/main/auth0/src/main/java/com/auth0/android/authentication/storage/SecureCredentialsManager.kt#L191C51-L191C51

It says clearCredentials so hasValidCredentials returns a true value. Doesn't clearing credentials mean hasValidCredentials will return false? And does the retry statement mean retrying of saveCredentials or something else? It would be good to understand what the comment is referring to, and not go down this path if re-saving refreshed credentials won't help.

poovamraj commented 1 year ago

@bennycao the comment is mentioned to note why we are calling the clearCredentials method. It is done so that hasValidCredentials won't return true when we can't fetch valid credentials due to corrupted keys.
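
The pattern from the PR description (hand the refreshed credentials back through the exception while keeping token values out of anything a logger prints), sketched as an added example that is not code from this PR or from Auth0.Android. `SampleCredentials`, `SampleStoreException` and `refreshAndSave` are hypothetical names, and the token strings are constructed.

```kotlin
// Added illustration with hypothetical types; not Auth0.Android's API.
class SampleCredentials(
    val idToken: String,
    val accessToken: String,
    val refreshToken: String?,
    val expiresAtEpochMs: Long
) {
    // Loggers and string templates call toString(); keep token values out of it.
    override fun toString(): String =
        "SampleCredentials(idToken=<redacted>, accessToken=<redacted>, " +
            "refreshToken=${if (refreshToken == null) "null" else "<redacted>"}, " +
            "expiresAtEpochMs=$expiresAtEpochMs)"
}

// The message stays token-free; the credentials travel as a field that the
// caller reads explicitly and that never appears in the stack trace text.
class SampleStoreException(
    message: String,
    cause: Throwable?,
    val refreshedCredentials: SampleCredentials?
) : Exception(message, cause)

// Renew, then persist. If persisting fails, the renewed credentials are
// attached to the exception instead of being dropped.
fun refreshAndSave(
    renew: () -> SampleCredentials,
    save: (SampleCredentials) -> Unit
): SampleCredentials {
    val fresh = renew()
    try {
        save(fresh)
    } catch (e: Exception) {
        throw SampleStoreException("Refreshed credentials could not be saved", e, fresh)
    }
    return fresh
}

fun main() {
    // Constructed sample values, not real tokens.
    val renewed = SampleCredentials("constructed-id", "constructed-access", "constructed-refresh", 1_700_000_000_000)
    try {
        refreshAndSave({ renewed }, { throw IllegalStateException("keystore unavailable") })
    } catch (e: SampleStoreException) {
        val logLine = "credential refresh failed: $e, payload=${e.refreshedCredentials}"
        check("constructed-access" !in logLine && "constructed-refresh" !in logLine)
        println(logLine)
        // The caller still holds a usable session instead of being logged out.
        check(checkNotNull(e.refreshedCredentials).accessToken == "constructed-access")
    }
}
```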