[FC] Updates lookup call to use mobile endpoint on verified flows

[carlosmuvi-stripe]

Summary

• Uses new mobile/lookup call passing verification token
• Non verified flows continue to use POST consumer_sessions (does some method renaming to match this)
• On attestation failures, closes the native AuthFlow and continues on web.

Motivation

https://docs.google.com/document/d/1joKz5UZHLVazmecfMHbq6gB6n4wj5u8To6AtqYgq_tc/edit?tab=t.0#heading=h.cz1xkpga7giy

Testing

• Added tests
• Modified tests
• Manually verified

[carlosmuvi-stripe]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• [FC] Add app verification to signup flows (Networking+ID) #9830
• [FC] Updates lookup call to use mobile endpoint on verified flows #9820 👈 (View in Graphite)
• [FC] Sends supports_app_verification to sync call when Integrity available #9819
• [FC] Prepares integrity on first sync call #9818
• [FC] Adds ActivityRetainedScope and broader singleton component #9821
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Diffuse output:

OLD: paymentsheet-example-release-master.apk (signature: V1, V2)
NEW: paymentsheet-example-release-pr.apk (signature: V1, V2)

          │            compressed             │          uncompressed           
          ├───────────┬───────────┬───────────┼──────────┬──────────┬───────────
 APK      │ old       │ new       │ diff      │ old      │ new      │ diff      
──────────┼───────────┼───────────┼───────────┼──────────┼──────────┼───────────
      dex │   3.9 MiB │   3.9 MiB │ +12.6 KiB │  8.6 MiB │  8.6 MiB │ +31.4 KiB 
     arsc │   2.2 MiB │   2.2 MiB │    +180 B │  2.2 MiB │  2.2 MiB │    +180 B 
 manifest │     5 KiB │   5.1 KiB │     +78 B │ 24.9 KiB │ 25.2 KiB │    +316 B 
      res │ 906.3 KiB │ 906.3 KiB │      +4 B │  1.4 MiB │  1.4 MiB │       0 B 
   native │   2.6 MiB │   2.6 MiB │       0 B │    6 MiB │    6 MiB │       0 B 
    asset │   1.6 MiB │   1.6 MiB │  +1.5 KiB │  1.6 MiB │  1.6 MiB │  +1.5 KiB 
    other │   1.4 MiB │   1.4 MiB │    +474 B │  1.6 MiB │  1.6 MiB │    +484 B 
──────────┼───────────┼───────────┼───────────┼──────────┼──────────┼───────────
    total │  12.6 MiB │  12.6 MiB │ +14.8 KiB │ 21.5 MiB │ 21.5 MiB │ +33.8 KiB 

 DEX     │ old   │ new   │ diff                 
─────────┼───────┼───────┼──────────────────────
   files │     1 │     1 │    0                 
 strings │ 40595 │ 40774 │ +179 (+4392 -4213)   
   types │ 14008 │ 14067 │  +59 (+4266 -4207)   
 classes │ 11682 │ 11739 │  +57 (+3460 -3403)   
 methods │ 59616 │ 59827 │ +211 (+28927 -28716) 
  fields │ 39806 │ 39943 │ +137 (+21294 -21157) 

 ARSC    │ old  │ new  │ diff       
─────────┼──────┼──────┼────────────
 configs │  243 │  243 │  0         
 entries │ 6207 │ 6208 │ +1 (+1 -0)

APK

      compressed      │     uncompressed      │                                            
──────────┬───────────┼───────────┬───────────┤                                            
 size     │ diff      │ size      │ diff      │ path                                       
──────────┼───────────┼───────────┼───────────┼────────────────────────────────────────────
  3.9 MiB │ +12.6 KiB │   8.6 MiB │ +31.4 KiB │ ∆ classes.dex                              
  7.8 KiB │  +1.4 KiB │   7.7 KiB │  +1.4 KiB │ ∆ assets/dexopt/baseline.prof              
  2.2 MiB │    +180 B │   2.2 MiB │    +180 B │ ∆ resources.arsc                           
    161 B │    +161 B │      58 B │     +58 B │ + core-common.properties                   
    155 B │    +155 B │      54 B │     +54 B │ + integrity.properties                     
    127 B │    +127 B │       5 B │      +5 B │ + META-INF/services/I9.w                   
    127 B │    +127 B │       5 B │      +5 B │ + META-INF/services/J9.a                   
          │    -127 B │           │      -5 B │ - META-INF/services/E9.x                   
          │    -127 B │           │      -5 B │ - META-INF/services/F9.a                   
 50.2 KiB │     +84 B │ 118.5 KiB │    +186 B │ ∆ META-INF/MANIFEST.MF                     
  5.1 KiB │     +78 B │  25.2 KiB │    +316 B │ ∆ AndroidManifest.xml                      
 53.5 KiB │     +77 B │ 118.5 KiB │    +186 B │ ∆ META-INF/CERT.SF                         
  1,008 B │     +13 B │     876 B │     +13 B │ ∆ assets/dexopt/baseline.profm             
    165 B │      -3 B │      10 B │       0 B │ ∆ META-INF/services/java.security.Provider 
    733 B │      +1 B │   1.4 KiB │       0 B │ ∆ res/0o.xml                               
    852 B │      +1 B │   1.8 KiB │       0 B │ ∆ res/8Q.xml                               
    763 B │      +1 B │   1.4 KiB │       0 B │ ∆ res/AB.xml                               
    758 B │      +1 B │   1.4 KiB │       0 B │ ∆ res/fD.xml                               
──────────┼───────────┼───────────┼───────────┼────────────────────────────────────────────
  6.3 MiB │ +14.8 KiB │  11.1 MiB │ +33.8 KiB │ (total)

MANIFEST

@@ -488,2 +488,8 @@
         />
+    <activity
+        android:exported="false"
+        android:name="com.google.android.play.core.common.PlayCoreDialogWrapperActivity"
+        android:stateNotNeeded="true"
+        android:theme="@style/Theme.PlayCore.Transparent"
+        />
   </application>

DEX

STRINGS:

   old   │ new   │ diff               
  ───────┼───────┼────────────────────
   40595 │ 40774 │ +179 (+4392 -4213) 
  
  +  (https://developer.android.com/google/play/integrity/reference/com/google/android/play/core/integrity/model/StandardIntegrityErrorCode.html#
  +  : Binder has died.
  +  cloudProjectNumber
  +  webViewRequestMode
  + %s : Binder has died.
  + , appVerificationEnabled=
  + , eventTimestamp=
  + , verdictOptOut=
  + 12345
  + 8P1sW0EPJcslw7UzRsiXL64w-O50Ed-RBICtay1g24M
  + API_NOT_AVAILABLE
  + APP_NOT_INSTALLED
  + APP_UID_MISMATCH
  + Already connected to the service.
  + Binding to the service in the Play Store has failed. This can be due to having an old Play Store version installed on the device.
  Ask the user to update Play Store.
  
  + CANNOT_BIND_TO_SERVICE
  + CLIENT_TRANSIENT_ERROR
  + CLOUD_PROJECT_NUMBER_IS_INVALID
  + Cannot return null from a non-@Nullable component method
  + ErrorCode should not be 0.
  + EventRecord{eventType=
  + ExpressIntegrityService
  + Failed to bind to the service.
  + Failed to warm up the IntegrityStandardRequestManager
  + GOOGLE_SERVER_UNAVAILABLE
  + GXWy8XF3vIml3_MfnmSmyuKBpT3B0dWbHRR_4cgq-gA
  + Google Play Services is not available or version is too old.
  Ask the user to Install or Update Play Services.
  
  + INTEGRITY_TOKEN_PROVIDER_INVALID
  + Initiate binding to the service.
  + Integrity - Failed to request integrity token
  + Integrity token provider is not initialized. Call prepare() first.
  + Integrity: Failed to prepare integrity token
  + IntegrityDialogWrapper
  + LA4/e;
  + LA4/f;
  + LA4/g;
  + LA4/h;
  + LA4/i;
  + LA4/j;
  + LA4/k;
  + LA4/l;
  + LA4/m;
  + LA4/n;
  + LA4/o;
  + LA4/p;
  + LA4/q;
  + LA4/r;
  + LA4/s;
  + LA4/t;
  + LA4/u;
  + LA5/A0;
  + LA5/A;
  + LA5/B0;
  + LA5/B;
  + LA5/C0;
  + LA5/C;
  + LA5/D0;
  + LA5/D;
  + LA5/E0;
  + LA5/E;
  + LA5/F0;
  + LA5/F;
  + LA5/G0;
  + LA5/G;
  + LA5/H0;
  + LA5/H;
  + LA5/I0;
  + LA5/I;
  + LA5/J0;
  + LA5/J;
  + LA5/K0;
  + LA5/K;
  + LA5/L0;
  + LA5/L;
  + LA5/M0;
  + LA5/M;
  + LA5/N0;
  + LA5/N;
  + LA5/O0;
  + LA5/O;
  + LA5/P0;
  + LA5/P;
  + LA5/Q;
  + LA5/S;
  + LA5/T;
  + LA5/U;
  + LA5/V;
  + LA5/W;
  + LA5/X;
  + LA5/Y;
  + LA5/Z;
  + LA5/a0;
  + LA5/b0;
  + LA5/c0;
  + LA5/d0;
  + LA5/e0;
  + LA5/f0;
  + LA5/g0;
  + LA5/h0;
  + LA5/i0;
  + LA5/j0;
  + LA5/k0;
  + LA5/l0;
  + LA5/m0;
  + LA5/m;
  + LA5/n0;
  + LA5/n;
  + LA5/o0;
  + LA5/o;
  + LA5/p0;
  + LA5/p;
  + LA5/q0;
  + LA5/q;
  + LA5/r0;
  + LA5/r;
  + LA5/s0;
  + LA5/s;
  + LA5/t0;
  + LA5/t;
  + LA5/u0;
  + LA5/u;
  + LA5/v0;
  + LA5/v;
  + LA5/w0;
  + LA5/w;
  + LA5/x0;
  + LA5/x;
  + LA5/y0;
  + LA5/y;
  + LA5/z0;
  + LA5/z;
  + LA6/A;
  + LA6/B;
  + LA6/C;
  + LA6/D;
  + LA6/E;
  + LA6/F;
  + LA6/G;
  + LA6/H;
  + LA6/I;
  + LA6/J;
  + LA6/K;
  + LA6/L;
  + LA6/M;
  + LA6/N;
  + LA6/O;
  + LA6/P;
  + LA6/Q;
  + LA6/S;
  + LA6/T;
  + LA6/U;
  + LA6/V;
  + LA6/W;
  + LA6/X;
  + LA6/u;
  + LA6/v;
  + LA6/w;
  + LA6/x;
  + LA6/y;
  + LA6/z;
  + LA7/A;
  + LA7/B;
  + LA7/C;
  + LA7/D;
  + LA7/E;
  + LA7/F;
  + LA7/G;
  + LA7/H;
  + LA7/I;
  + LA7/J;
  + LA7/u;
  + LA7/v;
  + LA7/w;
  + LA7/x;
  + LA7/y;
  + LA7/z;
  + LA8/a;
  + LA8/b;
  + LA8/c;
  + LA8/d;
  + LA8/e;
  + LA8/f;
  + LA8/g;
  + LA8/h;
  + LBa/c;
  + LC/I0;
  + LC/J0;
  + LC5/A;
  + LC5/B;
  + LC5/C;
  + LC5/D;
  + LC5/E;
  + LC5/F;
  + LC5/G;
  + LC5/H;
  + LC5/I;
  + LC5/J;
  + LC5/K;
  + LC5/L;
  + LC5/M;
  + LC5/N;
  + LC5/O;
  + LC5/c;
  + LC5/d;
  + LC5/e;
  + LC5/f;
  + LC5/g;
  + LC5/h;
  + LC5/i;
  + LC5/j;
  + LC5/k;
  + LC5/l;
  + LC5/m;
  + LC5/n;
  + LC5/o;
  + LC5/p;
  + LC5/q;
  + LC5/r;
  + LC5/s;
  + LC5/t;
  + LC5/u;
  + LC5/v;
  + LC5/w;
  + LC5/x;
  + LC5/y;
  + LC5/z;
  + LC6/d;
  + LC6/e;
  + LC6/f;
  + LC6/g;
  + LC6/h;
  + LC6/i;
  + LC6/j;
  + LC6/k;
  + LC6/l;
  + LC6/m;
  + LC6/n;
  + LC6/o;
  + LC6/p;
  + LC6/q;
  + LC6/r;
  + LC6/s;
  + LC6/t;
  + LC6/u;
  + LC6/v;
  + LC6/w;
  + LC6/x;
  + LC6/y;
  + LC6/z;
  + LC8/a;
  + LC8/b;
  + LC8/c;
  + LC8/d;
  + LC8/e;
  + LC8/f;
  + LC8/g;
  + LC8/h;
  + LC8/i;
  + LC8/j;
  + LC8/k;
  + LC8/l;
  + LC9/f;
  + LC9/g;
  + LC9/h;
  + LC9/i;
  + LCa/d;
  + LCa/e;
  + LCa/f;
  + LCa/g;
  + LCa/h;
  + LCa/i;
  + LCa/j;
  + LCa/k;
  + LCa/l;
  + LCa/m;
  + LD/G0;
  + LD6/b;
  + LD6/c;
  + LD6/d;
  + LD6/e;
  + LD6/f;
  + LD6/g;
  + LD6/h;
  + LD6/i;
  + LD6/j;
  + LD6/k;
  + LD6/l;
  + LD6/m;
  + LD6/n;
  + LD6/o;
  + LD6/p;
  + LD9/b;
  + LD9/c;
  + LD9/d;
  + LD9
...✂

ARSC

ENTRIES:

   old  │ new  │ diff       
  ──────┼──────┼────────────
   6207 │ 6208 │ +1 (+1 -0) 
  + style/Theme.PlayCore.Transparent

[carlosmuvi-stripe]

this was wrongly called lookup, we were actually calling POST consumer_session. Renamed accordingly.

[graphite-app]

The URL in this comment should be consumers/mobile/sessions/lookup to match the actual API endpoint being referenced in mobileConsumerSessionLookupUrl

Spotted by Graphite Reviewer

Is this helpful? React 👍 or 👎 to let us know.