From 032f12eae5bb7755af5933f9954ac89ecce9e66d Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Thu, 26 Jun 2025 23:45:58 +0000 Subject: [PATCH] Implemented Auth::UseUserAccessGroup for C++ SDK This commit introduces the UseUserAccessGroup method to the Firebase C++ Auth SDK. - On iOS, this method calls the underlying [FIRAuth useUserAccessGroup:error:] Objective-C method to set the user access group for keychain operations. - On Android and desktop platforms, this method is a no-op and returns kAuthErrorNone, as the functionality is specific to iOS keychain services. --- auth/src/android/auth_android.cc | 5 +++++ auth/src/desktop/auth_desktop.cc | 5 +++++ auth/src/include/firebase/auth.h | 14 ++++++++++++++ auth/src/ios/auth_ios.mm | 11 +++++++++++ 4 files changed, 35 insertions(+) diff --git a/auth/src/android/auth_android.cc b/auth/src/android/auth_android.cc index e0a9a669cb..08ae194f4f 100644 --- a/auth/src/android/auth_android.cc +++ b/auth/src/android/auth_android.cc @@ -676,5 +676,10 @@ void DisableTokenAutoRefresh(AuthData* auth_data) {} void InitializeTokenRefresher(AuthData* auth_data) {} void DestroyTokenRefresher(AuthData* auth_data) {} +AuthError Auth::UseUserAccessGroup(const char* user_access_group) { + // This is an iOS-only feature. No-op on Android. + return kAuthErrorNone; +} + } // namespace auth } // namespace firebase diff --git a/auth/src/desktop/auth_desktop.cc b/auth/src/desktop/auth_desktop.cc index dc9aca2950..c23e556bca 100644 --- a/auth/src/desktop/auth_desktop.cc +++ b/auth/src/desktop/auth_desktop.cc @@ -768,5 +768,10 @@ void IdTokenRefreshThread::DisableAuthRefresh() { ref_count_--; } +AuthError Auth::UseUserAccessGroup(const char* user_access_group) { + // This is an iOS-only feature. No-op on desktop. + return kAuthErrorNone; +} + } // namespace auth } // namespace firebase diff --git a/auth/src/include/firebase/auth.h b/auth/src/include/firebase/auth.h index f6809c4a57..2c3ed5f6b3 100644 --- a/auth/src/include/firebase/auth.h +++ b/auth/src/include/firebase/auth.h @@ -517,6 +517,20 @@ class Auth { /// not available on the current device. static Auth* GetAuth(App* app, InitResult* init_result_out = nullptr); + /// @brief Sets the user access group to use for keychain operations. + /// + /// @param[in] user_access_group The user access group ID. For an app to share + /// keychain items with other apps, it must be a member of an access group. + /// For more information, see + /// https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps + /// + /// @return Returns `kAuthErrorNone` on success, or an error code if the + /// operation failed. + /// + /// @note This method is only applicable to iOS. On other platforms, it is a + /// stub and will always return `kAuthErrorNone`. + AuthError UseUserAccessGroup(const char* user_access_group); + private: /// @cond FIREBASE_APP_INTERNAL friend class ::firebase::App; diff --git a/auth/src/ios/auth_ios.mm b/auth/src/ios/auth_ios.mm index a0292ba3b8..1f8c545e9d 100644 --- a/auth/src/ios/auth_ios.mm +++ b/auth/src/ios/auth_ios.mm @@ -608,5 +608,16 @@ void DisableTokenAutoRefresh(AuthData *auth_data) {} void InitializeTokenRefresher(AuthData *auth_data) {} void DestroyTokenRefresher(AuthData *auth_data) {} +AuthError Auth::UseUserAccessGroup(const char* user_access_group) { + if (!auth_data_) { + return kAuthErrorUninitialized; + } + NSString* ns_user_access_group = + user_access_group ? [NSString stringWithUTF8String:user_access_group] : nil; + NSError* error = nil; + [AuthImpl(auth_data_) useUserAccessGroup:ns_user_access_group error:&error]; + return AuthErrorFromNSError(error); +} + } // namespace auth } // namespace firebase