Skip to content

Conversation

@jonsimantov
Copy link
Contributor

This commit introduces the UseUserAccessGroup method to the Firebase Authentication C++ SDK.

This method is specific to iOS and allows developers to specify a keychain access group for user data. It calls the underlying Objective-C method [FIRAuth useUserAccessGroup:error:].

On Android and desktop platforms, this method is a no-op stub and returns kAuthErrorNone as per its documented behavior for non-iOS platforms.

Key changes:

  • Added Auth::UseUserAccessGroup(const char* access_group) to the public header auth/src/include/firebase/auth.h with Doxygen comments.
  • Implemented the iOS-specific logic in auth/src/ios/auth_ios.mm, including error conversion from NSError to AuthError.
  • Added stub implementations in auth/src/desktop/auth_desktop.cc and auth/src/android/auth_android.cc returning kAuthErrorNone.

Description

Provide details of the change, and generalize the change in the PR title above.


Testing

Describe how you've tested these changes. Link any manually triggered Integration tests or CPP binary SDK Packaging Github Action workflows, if applicable.


Type of Change

Place an x the applicable box:

  • Bug fix. Add the issue # below if applicable.
  • New feature. A non-breaking change which adds functionality.
  • Other, such as a build process or documentation change.

Notes

  • Bug fixes and feature changes require an update to the Release Notes section of release_build_files/readme.md.
  • Read the contribution guidelines CONTRIBUTING.md.
  • Changes to the public API require an internal API review. If you'd like to help us make Firebase APIs better, please propose your change in a feature request so that we can discuss it together.

This commit introduces the `UseUserAccessGroup` method to the Firebase
Authentication C++ SDK.

This method is specific to iOS and allows developers to specify a
keychain access group for user data. It calls the underlying
Objective-C method `[FIRAuth useUserAccessGroup:error:]`.

On Android and desktop platforms, this method is a no-op stub and
returns `kAuthErrorNone` as per its documented behavior for
non-iOS platforms.

Key changes:
- Added `Auth::UseUserAccessGroup(const char* access_group)` to the
  public header `auth/src/include/firebase/auth.h` with Doxygen
  comments.
- Implemented the iOS-specific logic in `auth/src/ios/auth_ios.mm`,
  including error conversion from `NSError` to `AuthError`.
- Added stub implementations in `auth/src/desktop/auth_desktop.cc` and
  `auth/src/android/auth_android.cc` returning `kAuthErrorNone`.
Copy link
Contributor Author

@jonsimantov jonsimantov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a very simple integration test to the auth/integration_test/src/integration_test.cc test file. This should just call the function and ensure it doesn't crash.

/// @brief Modifies this Auth instance to use the specified keychain access
/// group.
///
/// Accessing the keychain requires that the application has the keychain
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please remove all of this and instead tell the developer to refer to the Firebase iOS SDK documentation.


AuthError Auth::UseUserAccessGroup(const char* access_group) {
if (!auth_data_) {
return kAuthErrorUninitialized;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This error code doesn't exist, please check the AuthError enum and choose a more suitable one.

This commit incorporates feedback from the code review:

- Updated Doxygen comments in `auth.h` for `UseUserAccessGroup` to refer to Firebase iOS SDK documentation for keychain details, removing the extensive inline explanation.
- Corrected the error code in `auth_ios.mm` from the non-existent `kAuthErrorUninitialized` to `kAuthErrorFailure` when `auth_data_` is null.
- Added a new integration test `TestUseUserAccessGroupDoesNotCrash` in `auth/integration_test/src/integration_test.cc`. This test calls the function with a sample group and nullptr, checking for `kAuthErrorNone` or `kAuthErrorKeychainError` on iOS (to ensure no crash even if keychain isn't fully set up in test env) and `kAuthErrorNone` on other platforms, primarily ensuring the calls do not crash.
LogDebug("Calling UseUserAccessGroup with a test group name.");
firebase::auth::AuthError error =
auth_->UseUserAccessGroup("com.google.firebase.test.accessgroup");
#if TARGET_OS_IPHONE
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to check platform since their are stubs. And no need for such verbose debug messages. Just make the calls and return.

This commit incorporates feedback from the code review regarding the
integration test for `UseUserAccessGroup`:

- Simplified the `TestUseUserAccessGroupDoesNotCrash` test in
  `auth/integration_test/src/integration_test.cc`.
- Removed platform-specific checks (`#if TARGET_OS_IPHONE`) and
  associated `EXPECT_THAT` calls.
- Removed `LogDebug` messages from the test.
- Both calls to `UseUserAccessGroup` now uniformly expect
  `firebase::auth::kAuthErrorNone`. This aligns with the stub behavior
  on non-iOS platforms and simplifies the test as requested by the
  reviewer, focusing on ensuring the calls do not crash and stubs
  return the expected no-op error code.
// on any platform and that stubs return kAuthErrorNone.
firebase::auth::AuthError error =
auth_->UseUserAccessGroup("com.google.firebase.test.accessgroup");
// On non-iOS, this is a stub and returns kAuthErrorNone.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This long comment is unnecessary, please remove the entire thing.

// This implies we should expect the stub behavior (kAuthErrorNone) or simply ensure no crash.
// Let's stick to expecting kAuthErrorNone as stubs should return this.
// If an actual iOS runner has issues, it would manifest as a test failure there.
EXPECT_EQ(error, firebase::auth::kAuthErrorNone);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When checking stub return values, only check that on Android and Desktop - on iOS, it's possible that this call might return an error (since the integration test might not be set up for keychain sharing) but the test should still pass in that case.

@jonsimantov jonsimantov added the tests-requested: quick Trigger a quick set of integration tests. label Jun 27, 2025
@github-actions github-actions bot added tests: in-progress This PR's integration tests are in progress. and removed tests-requested: quick Trigger a quick set of integration tests. labels Jun 27, 2025
@github-actions
Copy link

github-actions bot commented Jun 27, 2025

❌  Integration test FAILED

Requested by @jonsimantov on commit 0929f11
Last updated: Fri Jun 27 15:43 PDT 2025
View integration test log & download artifacts

Failures Configs
missing_log [TEST] [ERROR] [iOS] [macos] [All 2 ios_device]
[TEST] [ERROR] [tvOS] [macos] [tvos_simulator]
auth
(5 items)[BUILD] [ERROR] [Android] [All 3 os]
[BUILD] [ERROR] [Linux] [x64] [openssl]
[BUILD] [ERROR] [Windows] [x64] [openssl]
[BUILD] [ERROR] [iOS] [macos]
[BUILD] [ERROR] [tvOS] [macos]
database
(5 items)[BUILD] [ERROR] [Android] [All 3 os]
[BUILD] [ERROR] [Linux] [x64] [openssl]
[BUILD] [ERROR] [Windows] [x64] [openssl]
[BUILD] [ERROR] [iOS] [macos]
[BUILD] [ERROR] [tvOS] [macos]
firestore
(5 items)[BUILD] [ERROR] [Android] [All 3 os]
[BUILD] [ERROR] [Linux] [x64] [openssl]
[BUILD] [ERROR] [Windows] [x64] [openssl]
[BUILD] [ERROR] [iOS] [macos]
[BUILD] [ERROR] [tvOS] [macos]
functions
(5 items)[BUILD] [ERROR] [Android] [All 3 os]
[BUILD] [ERROR] [Linux] [x64] [openssl]
[BUILD] [ERROR] [Windows] [x64] [openssl]
[BUILD] [ERROR] [iOS] [macos]
[BUILD] [ERROR] [tvOS] [macos]
storage
(5 items)[BUILD] [ERROR] [Android] [All 3 os]
[BUILD] [ERROR] [Linux] [x64] [openssl]
[BUILD] [ERROR] [Windows] [x64] [openssl]
[BUILD] [ERROR] [iOS] [macos]
[BUILD] [ERROR] [tvOS] [macos]

Add flaky tests to go/fpl-cpp-flake-tracker

@jonsimantov jonsimantov added the tests-requested: quick Trigger a quick set of integration tests. label Jun 27, 2025
@github-actions github-actions bot added tests: failed This PR's integration tests failed. and removed tests-requested: quick Trigger a quick set of integration tests. labels Jun 27, 2025
@firebase-workflow-trigger firebase-workflow-trigger bot removed the tests: in-progress This PR's integration tests are in progress. label Jun 27, 2025
This commit incorporates further feedback on the integration test for
`UseUserAccessGroup`:

- Removed the verbose explanatory comment block from
  `TestUseUserAccessGroupDoesNotCrash` in
  `auth/integration_test/src/integration_test.cc`.
- Reinstated platform-specific error checking within the test:
    - On iOS, the test now uses `EXPECT_THAT` to allow either
      `kAuthErrorNone` or `kAuthErrorKeychainError`. This handles
      potential keychain configuration issues in test environments while
      ensuring the call does not crash.
    - On other platforms (Android/Desktop), the test continues to expect
      `kAuthErrorNone`, verifying the stub implementation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

tests: failed This PR's integration tests failed.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant