[SIWA] Handle credential state changes

Podfile

@@ -176,7 +176,7 @@ target 'WordPress' do
 
     pod 'Gridicons', '~> 0.16'
 
-    pod 'WordPressAuthenticator', '~> 1.10.0-beta.2'
+    pod 'WordPressAuthenticator', '~> 1.10.0-beta.3'
     # pod 'WordPressAuthenticator', :path => '../WordPressAuthenticator-iOS'
     # pod 'WordPressAuthenticator', :git => 'https://github.com/wordpress-mobile/WordPressAuthenticator-iOS.git', :branch => ''
 

Podfile.lock

@@ -211,7 +211,7 @@ PODS:
   - WordPress-Aztec-iOS (1.9.0)
   - WordPress-Editor-iOS (1.9.0):
     - WordPress-Aztec-iOS (= 1.9.0)
-  - WordPressAuthenticator (1.10.0-beta.2):
+  - WordPressAuthenticator (1.10.0-beta.3):
     - 1PasswordExtension (= 1.8.5)
     - Alamofire (= 4.7.3)
     - CocoaLumberjack (~> 3.5)
@@ -301,7 +301,7 @@ DEPENDENCIES:
   - Starscream (= 3.0.6)
   - SVProgressHUD (= 2.2.5)
   - WordPress-Editor-iOS (~> 1.9.0)
-  - WordPressAuthenticator (~> 1.10.0-beta.2)
+  - WordPressAuthenticator (~> 1.10.0-beta.3)
   - WordPressKit (~> 4.5.0)
   - WordPressMocks (~> 0.0.6)
   - WordPressShared (~> 1.8.7)
@@ -492,7 +492,7 @@ SPEC CHECKSUMS:
   UIDeviceIdentifier: 8f8a24b257a4d978c8d40ad1e7355b944ffbfa8c
   WordPress-Aztec-iOS: e58c7ab55b0bae53418a705876093fed314b6586
   WordPress-Editor-iOS: 36114a1e155b0696939dba80989652c185e91e01
-  WordPressAuthenticator: df4fe0236ff746bcdc7d1d3b4f7124d4374739f3
+  WordPressAuthenticator: 7dcf41c51468a073194fd50434ebc64caabea742
   WordPressKit: 87ba4cce3f5269e26a09568a749ec1b8b2ba2267
   WordPressMocks: 5913bd04586a360212e07a8ccbcb36068d4425a3
   WordPressShared: 09cf184caa614835f5811e8609227165201e6d3e
@@ -503,6 +503,6 @@ SPEC CHECKSUMS:
   ZendeskSDK: 787414f9240ee6ef8cfe4ea0f00e8b4d01d2d264
   ZIPFoundation: 89df685c971926b0323087952320bdfee9f0b6ef
 
-PODFILE CHECKSUM: 907e99f5995a14583d361a93abf6ec599be0caab
+PODFILE CHECKSUM: a2978bd1db52cc95cd927dfbd5136bacf387c315
 
 COCOAPODS: 1.7.5

WordPress/Classes/System/WordPressAppDelegate.swift

@@ -863,14 +863,7 @@ extension WordPressAppDelegate {
 
         // If not logged in, remove the Apple User ID from the keychain, if it exists.
         guard AccountHelper.isLoggedIn else {
-            do {
-                try SFHFKeychainUtils.deleteItem(forUsername: WPAppleIDKeychainUsernameKey,
-                                                 andServiceName: WPAppleIDKeychainUsernameKey)
-            } catch let error as NSError {
-                if error.code != errSecItemNotFound {
-                    DDLogError("Error while removing Apple User ID from keychain: \(error.localizedDescription)")
-                }
-            }
+            removeAppleIDFromKeychain()
             return
         }
 
@@ -885,17 +878,21 @@ extension WordPressAppDelegate {
         }
 
         // Get the Apple User ID state. If not authorized, log out the account.
-        WordPressAuthenticator.shared.checkAppleIDCredentialState(for: appleUserID) { [weak self] (authorized, error) in
-
-            // An error exists only for the 'not found' state.
-            // 'not found' is a valid state when logging in with an Apple account for the first time.
-            if let error = error {
-                DDLogDebug("checkAppleIDCredentialState: Apple ID state not found: \(error.localizedDescription)")
-            }
-
-            if !authorized {
-                DDLogInfo("checkAppleIDCredentialState: Unauthorized Apple ID. User signed out.")
-                self?.logOutDefaultWordPressComAccount()
+        WordPressAuthenticator.shared.getAppleIDCredentialState(for: appleUserID) { [weak self] (state, error) in
+
+            DDLogDebug("checkAppleIDCredentialState: Apple ID state: \(state.rawValue)")
+
+            switch state {
+            case .revoked:
+                DDLogInfo("checkAppleIDCredentialState: Revoked Apple ID. User signed out.")
+                self?.logOutRevokedAppleAccount()
+            default:
+                // An error exists only for the notFound state.
+                // notFound is a valid state when logging in with an Apple account for the first time.
+                if let error = error {
+                    DDLogDebug("checkAppleIDCredentialState: Apple ID state not found: \(error.localizedDescription)")
+                }
+                break
             }
         }
     }
@@ -904,7 +901,7 @@ extension WordPressAppDelegate {
         WordPressAuthenticator.shared.startObservingAppleIDCredentialRevoked { [weak self] in
             if AccountHelper.isLoggedIn {
                 DDLogInfo("Apple credentialRevokedNotification received. User signed out.")
-                self?.logOutDefaultWordPressComAccount()
+                self?.logOutRevokedAppleAccount()
             }
         }
     }
@@ -913,10 +910,26 @@ extension WordPressAppDelegate {
         WordPressAuthenticator.shared.stopObservingAppleIDCredentialRevoked()
     }
 
+    func logOutRevokedAppleAccount() {
+        removeAppleIDFromKeychain()
+        logOutDefaultWordPressComAccount()
+    }
+
     func logOutDefaultWordPressComAccount() {
         DispatchQueue.main.async {
             AccountHelper.logOutDefaultWordPressComAccount()
         }
     }
 
+    func removeAppleIDFromKeychain() {
+        do {
+            try SFHFKeychainUtils.deleteItem(forUsername: WPAppleIDKeychainUsernameKey,
+                                             andServiceName: WPAppleIDKeychainUsernameKey)
+        } catch let error as NSError {
+            if error.code != errSecItemNotFound {
+                DDLogError("Error while removing Apple User ID from keychain: \(error.localizedDescription)")
+            }
+        }
+    }
+
 }