Address PR comments.

packages/google_sign_in/google_sign_in_web/lib/src/gis_client.dart

@@ -239,6 +239,8 @@ class GisSdkClient {
     return id.renderButton(parent, convertButtonConfiguration(options)!);
   }
 
+  // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727
+  //
   /// Starts an oauth2 "implicit" flow to authorize requests.
   ///
   /// The new GIS SDK does not return user authentication from this flow, so:
@@ -283,7 +285,7 @@ class GisSdkClient {
   //
   // It'll do a request to the People API (if needed).
   //
-  // @Deprecated
+  // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727
   Future<GoogleSignInUserData?> _computeUserDataForLastToken() async {
     // If the user hasn't authenticated, request their basic profile info
     // from the People API.
@@ -328,6 +330,16 @@ class GisSdkClient {
     if (_lastCredentialResponse != null) {
       final DateTime? expiration = utils
           .getCredentialResponseExpirationTimestamp(_lastCredentialResponse);
+      // All Google ID Tokens provide an "exp" date. If the method above cannot
+      // extract `expiration`, it's because `_lastCredentialResponse`'s contents
+      // are unexpected (or wrong) in any way.
+      //
+      // Users are considered to be signedIn when the last CredentialResponse
+      // exists and has an expiration date in the future.
+      //
+      // Users are not signed in in any other case.
+      //
+      // See: https://developers.google.com/identity/openid-connect/openid-connect#an-id-tokens-payload
       isSignedIn = expiration?.isAfter(DateTime.now()) ?? false;
     }
 
@@ -412,6 +424,6 @@ class GisSdkClient {
   //
   // (This is a synthetic _lastCredentialResponse)
   //
-  // @Deprecated
+  // TODO(dit): Clean this up. https://github.com/flutter/flutter/issues/137727
   GoogleSignInUserData? _requestedUserData;
 }

packages/google_sign_in/google_sign_in_web/lib/src/utils.dart

@@ -54,11 +54,11 @@ Map<String, Object?>? decodeJwtPayload(String? payload) {
 
 /// Returns the payload of a [CredentialResponse].
 Map<String, Object?>? getResponsePayload(CredentialResponse? response) {
-  if (response == null || response.credential == null) {
+  if (response?.credential == null) {
     return null;
   }
 
-  return getJwtTokenPayload(response.credential);
+  return getJwtTokenPayload(response!.credential);
 }
 
 /// Converts a [CredentialResponse] into a [GoogleSignInUserData].
@@ -72,6 +72,9 @@ GoogleSignInUserData? gisResponsesToUserData(
     return null;
   }
 
+  assert(credentialResponse?.credential != null,
+      'The CredentialResponse cannot be null and have a payload.');
+
   return GoogleSignInUserData(
     email: payload['email']! as String,
     id: payload['sub']! as String,
@@ -88,11 +91,10 @@ GoogleSignInUserData? gisResponsesToUserData(
 DateTime? getCredentialResponseExpirationTimestamp(
     CredentialResponse? credentialResponse) {
   final Map<String, Object?>? payload = getResponsePayload(credentialResponse);
-  if (payload == null || payload['exp'] == null) {
-    return null;
-  }
-
-  return DateTime.fromMillisecondsSinceEpoch((payload['exp']! as int) * 1000);
+  // Get the 'exp' field from the payload, if present.
+  final int? exp = (payload != null) ? payload['exp'] as int? : null;
+  // Return 'exp' (a timestamp in seconds since Epoch) as a DateTime.
+  return (exp != null) ? DateTime.fromMillisecondsSinceEpoch(exp * 1000) : null;
 }
 
 /// Converts responses from the GIS library into TokenData for the plugin.