When upgrading from 10.29.0 to 11.0.0 the user gets logged out.

[knopp]

Description

The reason for this is that new version can not read the keychain entry due to kSecUseDataProtectionKeychain.

This is genericPasswordQueryWithKey: from 10.29.0:

- (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {
  NSMutableDictionary *query = @{
    (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],
    (__bridge id)kSecAttrService : _service,
  }
                                   .mutableCopy;

  // TODO(ncooke3): Refactor Auth to provide a user defaults based
  // implementation for unit testing purposes on macOS.
#ifndef FIREBASE_AUTH_MACOS_TESTING
  // The below key prevents keychain popups from appearing on the client. It
  // requires a configured provisioing profile to function properly–– which
  // cannot be checked into the repo. Rather than disable most of the Auth
  // testing suite on macOS, the key is omitted. Paired with the
  // `scripts/configure_test_keychain.sh` script, the popups do not block CI.
  // See go/firebase-macos-keychain-popups for more details.
  if (@available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *)) {
    query[(__bridge id)kSecUseDataProtectionKeychain] = (__bridge id)kCFBooleanTrue;
  }
#endif  // FIREBASE_AUTH_MACOS_TESTING

  return [query copy];
}

On the surface it seems like it is setting the kSecUseDataProtectionKeychain flag. However it's not really, because FIREBASE_AUTH_MACOS_TESTING is defined to 1 in FirebaseAuth.podspec. So the code inside #ifndef is never included and the kSecUseDataProtectionKeychain flag is never set.

Compared to that, the new swift version is actually setting the kSecUseDataProtectionKechain flag:

  private func genericPasswordQuery(key: String) -> [String: Any] {
    if key.isEmpty {
      fatalError("The key cannot be empty.")
    }
    var query: [String: Any] = [
      kSecClass as String: kSecClassGenericPassword,
      kSecAttrAccount as String: kAccountPrefix + key,
      kSecAttrService as String: service,
    ]
    if #available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *) {
        query[kSecUseDataProtectionKeychain as String] = true
    }
    return query
  }

This seems like a rather painful regression and the flag should probably be disabled until there is migration in place?

Reproducing the issue

No response

Firebase SDK Version

11.0

Xcode Version

15.4

Installation Method

CocoaPods

Firebase Product(s)

Authentication

Targeted Platforms

macOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

No response

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

PODS:
  - app_links (1.0.0):
    - FlutterMacOS
  - AppAuth (1.7.5):
    - AppAuth/Core (= 1.7.5)
    - AppAuth/ExternalUserAgent (= 1.7.5)
  - AppAuth/Core (1.7.5)
  - AppAuth/ExternalUserAgent (1.7.5):
    - AppAuth/Core
  - audioplayers_darwin (0.0.1):
    - FlutterMacOS
  - cupertino_http (0.0.1):
    - FlutterMacOS
  - device_info_plus (0.0.1):
    - FlutterMacOS
  - emoji_picker_flutter (0.0.1):
    - FlutterMacOS
  - file_selector_macos (0.0.1):
    - FlutterMacOS
  - Firebase/Analytics (11.0.0):
    - Firebase/Core
  - Firebase/Auth (11.0.0):
    - Firebase/CoreOnly
    - FirebaseAuth (~> 11.0.0)
  - Firebase/Core (11.0.0):
    - Firebase/CoreOnly
    - FirebaseAnalytics (~> 11.0.0)
  - Firebase/CoreOnly (11.0.0):
    - FirebaseCore (= 11.0.0)
  - Firebase/Messaging (11.0.0):
    - Firebase/CoreOnly
    - FirebaseMessaging (~> 11.0.0)
  - Firebase/RemoteConfig (11.0.0):
    - Firebase/CoreOnly
    - FirebaseRemoteConfig (~> 11.0.0)
  - firebase_analytics (11.3.1):
    - Firebase/Analytics (= 11.0.0)
    - firebase_core
    - FlutterMacOS
  - firebase_auth (5.2.1):
    - Firebase/Auth (~> 11.0.0)
    - Firebase/CoreOnly (~> 11.0.0)
    - firebase_core
    - FlutterMacOS
  - firebase_core (3.4.1):
    - Firebase/CoreOnly (~> 11.0.0)
    - FlutterMacOS
  - firebase_messaging (15.1.1):
    - Firebase/CoreOnly (~> 11.0.0)
    - Firebase/Messaging (~> 11.0.0)
    - firebase_core
    - FlutterMacOS
  - firebase_remote_config (5.1.1):
    - Firebase/CoreOnly (~> 11.0.0)
    - Firebase/RemoteConfig (~> 11.0.0)
    - firebase_core
    - FlutterMacOS
  - FirebaseABTesting (11.2.0):
    - FirebaseCore (~> 11.0)
  - FirebaseAnalytics (11.0.0):
    - FirebaseAnalytics/AdIdSupport (= 11.0.0)
    - FirebaseCore (~> 11.0)
    - FirebaseInstallations (~> 11.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/MethodSwizzler (~> 8.0)
    - GoogleUtilities/Network (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
    - nanopb (~> 3.30910.0)
  - FirebaseAnalytics/AdIdSupport (11.0.0):
    - FirebaseCore (~> 11.0)
    - FirebaseInstallations (~> 11.0)
    - GoogleAppMeasurement (= 11.0.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/MethodSwizzler (~> 8.0)
    - GoogleUtilities/Network (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
    - nanopb (~> 3.30910.0)
  - FirebaseAppCheckInterop (11.2.0)
  - FirebaseAuth (11.0.0):
    - FirebaseAppCheckInterop (~> 11.0)
    - FirebaseAuthInterop (~> 11.0)
    - FirebaseCore (~> 11.0)
    - FirebaseCoreExtension (~> 11.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/Environment (~> 8.0)
    - GTMSessionFetcher/Core (~> 3.4)
    - RecaptchaInterop (~> 100.0)
  - FirebaseAuthInterop (11.2.0)
  - FirebaseCore (11.0.0):
    - FirebaseCoreInternal (~> 11.0)
    - GoogleUtilities/Environment (~> 8.0)
    - GoogleUtilities/Logger (~> 8.0)
  - FirebaseCoreExtension (11.2.0):
    - FirebaseCore (~> 11.0)
  - FirebaseCoreInternal (11.2.0):
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
  - FirebaseInstallations (11.2.0):
    - FirebaseCore (~> 11.0)
    - GoogleUtilities/Environment (~> 8.0)
    - GoogleUtilities/UserDefaults (~> 8.0)
    - PromisesObjC (~> 2.4)
  - FirebaseMessaging (11.0.0):
    - FirebaseCore (~> 11.0)
    - FirebaseInstallations (~> 11.0)
    - GoogleDataTransport (~> 10.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/Environment (~> 8.0)
    - GoogleUtilities/Reachability (~> 8.0)
    - GoogleUtilities/UserDefaults (~> 8.0)
    - nanopb (~> 3.30910.0)
  - FirebaseRemoteConfig (11.0.0):
    - FirebaseABTesting (~> 11.0)
    - FirebaseCore (~> 11.0)
    - FirebaseInstallations (~> 11.0)
    - FirebaseRemoteConfigInterop (~> 11.0)
    - FirebaseSharedSwift (~> 11.0)
    - GoogleUtilities/Environment (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
  - FirebaseRemoteConfigInterop (11.2.0)
  - FirebaseSharedSwift (11.2.0)
  - flutter_local_notifications (0.0.1):
    - FlutterMacOS
  - flutter_timezone (0.1.0):
    - FlutterMacOS
  - FlutterMacOS (1.0.0)
  - google_sign_in_ios (0.0.1):
    - AppAuth (>= 1.7.4)
    - Flutter
    - FlutterMacOS
    - GoogleSignIn (~> 7.1)
    - GTMSessionFetcher (>= 3.4.0)
  - GoogleAppMeasurement (11.0.0):
    - GoogleAppMeasurement/AdIdSupport (= 11.0.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/MethodSwizzler (~> 8.0)
    - GoogleUtilities/Network (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
    - nanopb (~> 3.30910.0)
  - GoogleAppMeasurement/AdIdSupport (11.0.0):
    - GoogleAppMeasurement/WithoutAdIdSupport (= 11.0.0)
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/MethodSwizzler (~> 8.0)
    - GoogleUtilities/Network (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
    - nanopb (~> 3.30910.0)
  - GoogleAppMeasurement/WithoutAdIdSupport (11.0.0):
    - GoogleUtilities/AppDelegateSwizzler (~> 8.0)
    - GoogleUtilities/MethodSwizzler (~> 8.0)
    - GoogleUtilities/Network (~> 8.0)
    - "GoogleUtilities/NSData+zlib (~> 8.0)"
    - nanopb (~> 3.30910.0)
  - GoogleDataTransport (10.1.0):
    - nanopb (~> 3.30910.0)
    - PromisesObjC (~> 2.4)
  - GoogleSignIn (7.1.0):
    - AppAuth (< 2.0, >= 1.7.3)
    - GTMAppAuth (< 5.0, >= 4.1.1)
    - GTMSessionFetcher/Core (~> 3.3)
  - GoogleUtilities/AppDelegateSwizzler (8.0.2):
    - GoogleUtilities/Environment
    - GoogleUtilities/Logger
    - GoogleUtilities/Network
    - GoogleUtilities/Privacy
  - GoogleUtilities/Environment (8.0.2):
    - GoogleUtilities/Privacy
  - GoogleUtilities/Logger (8.0.2):
    - GoogleUtilities/Environment
    - GoogleUtilities/Privacy
  - GoogleUtilities/MethodSwizzler (8.0.2):
    - GoogleUtilities/Logger
    - GoogleUtilities/Privacy
  - GoogleUtilities/Network (8.0.2):
    - GoogleUtilities/Logger
    - "GoogleUtilities/NSData+zlib"
    - GoogleUtilities/Privacy
    - GoogleUtilities/Reachability
  - "GoogleUtilities/NSData+zlib (8.0.2)":
    - GoogleUtilities/Privacy
  - GoogleUtilities/Privacy (8.0.2)
  - GoogleUtilities/Reachability (8.0.2):
    - GoogleUtilities/Logger
    - GoogleUtilities/Privacy
  - GoogleUtilities/UserDefaults (8.0.2):
    - GoogleUtilities/Logger
    - GoogleUtilities/Privacy
  - GTMAppAuth (4.1.1):
    - AppAuth/Core (~> 1.7)
    - GTMSessionFetcher/Core (< 4.0, >= 3.3)
  - GTMSessionFetcher (3.5.0):
    - GTMSessionFetcher/Full (= 3.5.0)
  - GTMSessionFetcher/Core (3.5.0)
  - GTMSessionFetcher/Full (3.5.0):
    - GTMSessionFetcher/Core
  - in_app_review (0.2.0):
    - FlutterMacOS
  - irondash_engine_context (0.0.1):
    - FlutterMacOS
  - nanopb (3.30910.0):
    - nanopb/decode (= 3.30910.0)
    - nanopb/encode (= 3.30910.0)
  - nanopb/decode (3.30910.0)
  - nanopb/encode (3.30910.0)
  - package_info_plus (0.0.1):
    - FlutterMacOS
  - path_provider_foundation (0.0.1):
    - Flutter
    - FlutterMacOS
  - PromisesObjC (2.4.0)
  - purchases_flutter (8.1.1):
    - FlutterMacOS
    - PurchasesHybridCommon (= 13.2.0)
  - PurchasesHybridCommon (13.2.0):
    - RevenueCat (= 5.3.1)
  - record_darwin (1.0.0):
    - Flutter
    - FlutterMacOS
  - RevenueCat (5.3.1)
  - rive_common (0.0.1):
    - FlutterMacOS
  - Sentry/HybridSDK (8.36.0)
  - sentry_flutter (8.9.0):
    - Flutter
    - FlutterMacOS
    - Sentry/HybridSDK (= 8.36.0)
  - shared_preferences_foundation (0.0.1):
    - Flutter
    - FlutterMacOS
  - sign_in_with_apple (0.0.1):
    - FlutterMacOS
  - Sparkle (2.6.4)
  - sqflite (0.0.3):
    - Flutter
    - FlutterMacOS
  - "sqlite3 (3.46.1+1)":
    - "sqlite3/common (= 3.46.1+1)"
  - "sqlite3/common (3.46.1+1)"
  - "sqlite3/dbstatvtab (3.46.1+1)":
    - sqlite3/common
  - "sqlite3/fts5 (3.46.1+1)":
    - sqlite3/common
  - "sqlite3/perf-threadsafe (3.46.1+1)":
    - sqlite3/common
  - "sqlite3/rtree (3.46.1+1)":
    - sqlite3/common
  - sqlite3_flutter_libs (0.0.1):
    - FlutterMacOS
    - "sqlite3 (~> 3.46.0+1)"
    - sqlite3/dbstatvtab
    - sqlite3/fts5
    - sqlite3/perf-threadsafe
    - sqlite3/rtree
  - super_audio_macos (0.1.0):
    - FlutterMacOS
  - super_native_extensions (0.0.1):
    - FlutterMacOS
  - url_launcher_macos (0.0.1):
    - FlutterMacOS

DEPENDENCIES:
  - app_links (from `Flutter/ephemeral/.symlinks/plugins/app_links/macos`)
  - audioplayers_darwin (from `Flutter/ephemeral/.symlinks/plugins/audioplayers_darwin/macos`)
  - cupertino_http (from `Flutter/ephemeral/.symlinks/plugins/cupertino_http/macos`)
  - device_info_plus (from `Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos`)
  - emoji_picker_flutter (from `Flutter/ephemeral/.symlinks/plugins/emoji_picker_flutter/macos`)
  - file_selector_macos (from `Flutter/ephemeral/.symlinks/plugins/file_selector_macos/macos`)
  - firebase_analytics (from `Flutter/ephemeral/.symlinks/plugins/firebase_analytics/macos`)
  - firebase_auth (from `Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos`)
  - firebase_core (from `Flutter/ephemeral/.symlinks/plugins/firebase_core/macos`)
  - firebase_messaging (from `Flutter/ephemeral/.symlinks/plugins/firebase_messaging/macos`)
  - firebase_remote_config (from `Flutter/ephemeral/.symlinks/plugins/firebase_remote_config/macos`)
  - flutter_local_notifications (from `Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos`)
  - flutter_timezone (from `Flutter/ephemeral/.symlinks/plugins/flutter_timezone/macos`)
  - FlutterMacOS (from `Flutter/ephemeral`)
  - google_sign_in_ios (from `Flutter/ephemeral/.symlinks/plugins/google_sign_in_ios/darwin`)
  - in_app_review (from `Flutter/ephemeral/.symlinks/plugins/in_app_review/macos`)
  - irondash_engine_context (from `Flutter/ephemeral/.symlinks/plugins/irondash_engine_context/macos`)
  - package_info_plus (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos`)
  - path_provider_foundation (from `Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/darwin`)
  - purchases_flutter (from `Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos`)
  - record_darwin (from `Flutter/ephemeral/.symlinks/plugins/record_darwin/macos`)
  - rive_common (from `Flutter/ephemeral/.symlinks/plugins/rive_common/macos`)
  - sentry_flutter (from `Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos`)
  - shared_preferences_foundation (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/darwin`)
  - sign_in_with_apple (from `Flutter/ephemeral/.symlinks/plugins/sign_in_with_apple/macos`)
  - Sparkle
  - sqflite (from `Flutter/ephemeral/.symlinks/plugins/sqflite/darwin`)
  - sqlite3
  - sqlite3_flutter_libs (from `Flutter/ephemeral/.symlinks/plugins/sqlite3_flutter_libs/macos`)
  - super_audio_macos (from `Flutter/ephemeral/.symlinks/plugins/super_audio_macos/macos`)
  - super_native_extensions (from `Flutter/ephemeral/.symlinks/plugins/super_native_extensions/macos`)
  - url_launcher_macos (from `Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos`)

SPEC REPOS:
  trunk:
    - AppAuth
    - Firebase
    - FirebaseABTesting
    - FirebaseAnalytics
    - FirebaseAppCheckInterop
    - FirebaseAuth
    - FirebaseAuthInterop
    - FirebaseCore
    - FirebaseCoreExtension
    - FirebaseCoreInternal
    - FirebaseInstallations
    - FirebaseMessaging
    - FirebaseRemoteConfig
    - FirebaseRemoteConfigInterop
    - FirebaseSharedSwift
    - GoogleAppMeasurement
    - GoogleDataTransport
    - GoogleSignIn
    - GoogleUtilities
    - GTMAppAuth
    - GTMSessionFetcher
    - nanopb
    - PromisesObjC
    - PurchasesHybridCommon
    - RevenueCat
    - Sentry
    - Sparkle
    - sqlite3

EXTERNAL SOURCES:
  app_links:
    :path: Flutter/ephemeral/.symlinks/plugins/app_links/macos
  audioplayers_darwin:
    :path: Flutter/ephemeral/.symlinks/plugins/audioplayers_darwin/macos
  cupertino_http:
    :path: Flutter/ephemeral/.symlinks/plugins/cupertino_http/macos
  device_info_plus:
    :path: Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos
  emoji_picker_flutter:
    :path: Flutter/ephemeral/.symlinks/plugins/emoji_picker_flutter/macos
  file_selector_macos:
    :path: Flutter/ephemeral/.symlinks/plugins/file_selector_macos/macos
  firebase_analytics:
    :path: Flutter/ephemeral/.symlinks/plugins/firebase_analytics/macos
  firebase_auth:
    :path: Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos
  firebase_core:
    :path: Flutter/ephemeral/.symlinks/plugins/firebase_core/macos
  firebase_messaging:
    :path: Flutter/ephemeral/.symlinks/plugins/firebase_messaging/macos
  firebase_remote_config:
    :path: Flutter/ephemeral/.symlinks/plugins/firebase_remote_config/macos
  flutter_local_notifications:
    :path: Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos
  flutter_timezone:
    :path: Flutter/ephemeral/.symlinks/plugins/flutter_timezone/macos
  FlutterMacOS:
    :path: Flutter/ephemeral
  google_sign_in_ios:
    :path: Flutter/ephemeral/.symlinks/plugins/google_sign_in_ios/darwin
  in_app_review:
    :path: Flutter/ephemeral/.symlinks/plugins/in_app_review/macos
  irondash_engine_context:
    :path: Flutter/ephemeral/.symlinks/plugins/irondash_engine_context/macos
  package_info_plus:
    :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos
  path_provider_foundation:
    :path: Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/darwin
  purchases_flutter:
    :path: Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos
  record_darwin:
    :path: Flutter/ephemeral/.symlinks/plugins/record_darwin/macos
  rive_common:
    :path: Flutter/ephemeral/.symlinks/plugins/rive_common/macos
  sentry_flutter:
    :path: Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos
  shared_preferences_foundation:
    :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/darwin
  sign_in_with_apple:
    :path: Flutter/ephemeral/.symlinks/plugins/sign_in_with_apple/macos
  sqflite:
    :path: Flutter/ephemeral/.symlinks/plugins/sqflite/darwin
  sqlite3_flutter_libs:
    :path: Flutter/ephemeral/.symlinks/plugins/sqlite3_flutter_libs/macos
  super_audio_macos:
    :path: Flutter/ephemeral/.symlinks/plugins/super_audio_macos/macos
  super_native_extensions:
    :path: Flutter/ephemeral/.symlinks/plugins/super_native_extensions/macos
  url_launcher_macos:
    :path: Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos

SPEC CHECKSUMS:
  app_links: 10e0a0ab602ffaf34d142cd4862f29d34b303b2a
  AppAuth: 501c04eda8a8d11f179dbe8637b7a91bb7e5d2fa
  audioplayers_darwin: dcad41de4fbd0099cb3749f7ab3b0cb8f70b810c
  cupertino_http: 1d506209e339211efa0764caa7b2de4bc55b6818
  device_info_plus: ce1b7762849d3ec103d0e0517299f2db7ad60720
  emoji_picker_flutter: 533634326b1c5de9a181ba14b9758e6dfe967a20
  file_selector_macos: 54fdab7caa3ac3fc43c9fac4d7d8d231277f8cf2
  Firebase: 9f574c08c2396885b5e7e100ed4293d956218af9
  firebase_analytics: 2169e28bb3ee1f765efe0fd4f5b5f625d92fda13
  firebase_auth: 64a63f92c1b46ad6c11d5384ca2c9f94d7106647
  firebase_core: 3f80bec72646b26618f0497e74ce8bcd608f03ca
  firebase_messaging: ce70e6615f0cd906d80b7a651b960d76dad6de56
  firebase_remote_config: 40f016ccd269ace2fe50d67ab51d872c79937b9b
  FirebaseABTesting: 2104d957ce33888a3d6f3bde298cdee376dde8f1
  FirebaseAnalytics: 27eb78b97880ea4a004839b9bac0b58880f5a92a
  FirebaseAppCheckInterop: ea21450529cf0ebd132788dd8916a0269abc684f
  FirebaseAuth: d5cf28be74d7e82257f6a3f717509eff70d3cf4a
  FirebaseAuthInterop: 47c09558af5d1b31f16fb352387c72d4804f4a24
  FirebaseCore: 3cf438f431f18c12cdf2aaf64434648b63f7e383
  FirebaseCoreExtension: cda74ddfb001224bd8fd1d6e74698b4ed07803de
  FirebaseCoreInternal: 0c569513412da9f3b31bd0b340013bbee8f295c5
  FirebaseInstallations: 771177d89d6c451dc6e50085ec82e2fc77ed0a4a
  FirebaseMessaging: d2d1d9c62c46dd2db49a952f7deb5b16ad2c9742
  FirebaseRemoteConfig: fe8b7e6d6770fefbde27b0cac3f3deffba6e7326
  FirebaseRemoteConfigInterop: 477b26fdeb8fb5fbaf22fa9db5343b42289dc7db
  FirebaseSharedSwift: 7a0d78d155ede78407f0fdc89fbc914014c7c540
  flutter_local_notifications: 3805ca215b2fb7f397d78b66db91f6a747af52e4
  flutter_timezone: 6b906d1740654acb16e50b639835628fea851037
  FlutterMacOS: 8f6f14fa908a6fb3fba0cd85dbd81ec4b251fb24
  google_sign_in_ios: 07375bfbf2620bc93a602c0e27160d6afc6ead38
  GoogleAppMeasurement: 6e49ffac7d3f2c3ded9cc663f912a13b67bbd0de
  GoogleDataTransport: aae35b7ea0c09004c3797d53c8c41f66f219d6a7
  GoogleSignIn: d4281ab6cf21542b1cfaff85c191f230b399d2db
  GoogleUtilities: 26a3abef001b6533cf678d3eb38fd3f614b7872d
  GTMAppAuth: f69bd07d68cd3b766125f7e072c45d7340dea0de
  GTMSessionFetcher: 5aea5ba6bd522a239e236100971f10cb71b96ab6
  in_app_review: a850789fad746e89bce03d4aeee8078b45a53fd0
  irondash_engine_context: da62996ee25616d2f01bbeb85dc115d813359478
  nanopb: fad817b59e0457d11a5dfbde799381cd727c1275
  package_info_plus: fa739dd842b393193c5ca93c26798dff6e3d0e0c
  path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46
  PromisesObjC: f5707f49cb48b9636751c5b2e7d227e43fba9f47
  purchases_flutter: 311989c823552e3f81e9b8767d4a326a50a8794b
  PurchasesHybridCommon: 20acf98303a9593f5d56b449459dcf16ea581a99
  record_darwin: df0a677188e5fed18472550298e675f19ddaffbe
  RevenueCat: b2d2555cbb1f4116d341af4c5f82269c8e4e499a
  rive_common: cf5ab646aa576b2d742d0e2d528126fbf032c856
  Sentry: f8374b5415bc38dfb5645941b3ae31230fbeae57
  sentry_flutter: 0eb93e5279eb41e2392212afe1ccd2fecb4f8cbe
  shared_preferences_foundation: fcdcbc04712aee1108ac7fda236f363274528f78
  sign_in_with_apple: a9e97e744e8edc36aefc2723111f652102a7a727
  Sparkle: 5f8960a7a119aa7d45dacc0d5837017170bc5675
  sqflite: 673a0e54cc04b7d6dba8d24fb8095b31c3a99eec
  sqlite3: 0bb0e6389d824e40296f531b858a2a0b71c0d2fb
  sqlite3_flutter_libs: 5ca46c1a04eddfbeeb5b16566164aa7ad1616e7b
  super_audio_macos: 7870a4d174219d7bc1cb4087dda83a4079936d2c
  super_native_extensions: 85efee3a7495b46b04befcfc86ed12069264ebf3
  url_launcher_macos: 5f437abeda8c85500ceb03f5c1938a8c5a705399

PODFILE CHECKSUM: 94c9d80cd142b5dc81af94830113895e6e7be908

COCOAPODS: 1.15.2

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[ncooke3]

Thanks for the report, @knopp and apologies for the trouble. I took a look back and it looks like there are a few things going on here. In short, it was a mistake that the kSecUseDataProtectionKeychain flag was not being set in 10.29.0, and based on past reported behavior, attempting migration was believed to be more disruptive that a one-time need to re-auth.

This flag was added to this code in 10.05 to fix an issue where accessing the keychain on macOS would show pop-ups. The #ifndef was not correctly configured in the podspec causing the change to not work as intended for the CocoaPods distribution.

10.05 release notes: https://firebase.google.com/support/release-notes/ios#version_1050_-_february_7_2023

Apple recommends setting the kSecUseDataProtectionKeychain for all platforms. And doing so requires enabling the keychain groups capability on macOS. The issue with attempting a migration from non-kSecUseDataProtectionKeychain to using kSecUseDataProtectionKeychain was that a migration would trigger the popups when using the non-kSecUseDataProtectionKeychain query. This was why migration was avoided and also meant that a one-time cost of needing to re-auth was needed.

Here is the discussion for the original issue #10582 that prompted adding this flag to this code.

[kgaidis]

EDIT: the particular issue described below does not happen in 11.3.0 source

---

I just tried to do an update from 10.24.0 to 11.2.0

If I build my iOS app, user is logged out =O (using Sign in with Apple)

Is there a way to avoid getting users logged out? Is there a way I can do some migration myself? Seems like quite a big change? @ncooke3

Edit 1: updating to 10.29.0 seems to be OK so will start with that

Edit 2: here are release notes - I can't find any mention of all users getting logged out (yet)

[ncooke3]

Hi @kgaidis, this issue should only have effected macOS (because the key in question defaults to true on iOS).

Could you please try updating to 11.3.0 and see if you are still affected? 11.3 fixed an unrelated regression where users may be signed out in some cases if keychain sharing is used.

[kgaidis]

@ncooke3

I just tested 11.3.0, and based off this quick test, as you said, that issue seems to have gone away (there's a clear difference between 11.2.0 behavior and 11.3.0 behavior). Thank you!

Apologies for conflating the issues.

For some context (maybe interesting to get in the mind of SDK adopters), I was a little afraid to go straight to the newest (11.3.0 instead of 11.2.0) because adopting the latest SDK's during iOS 18.0 upgrade was a bumpy road with insta-crashes (not Firebase fault, Apple SDK issues). Because there were 20 days between September 10 release and September 30 release, I was guessing that 11.2.0 was stable since there were no "hotfixes." Maybe a big warning label for 11.2.0 release notes would have helped.

[paulb777]

Thanks for confirming.

[JCsplash]

This is still an issue for us when migrating to 11.3.0 on iOS. Users are still getting logged out every time immediately. Migrating to 10.29.0 works great with no problems. But every version above 11.0.0 has issues including the latest version 11.4.2. We have ~200K daily active users and it'd be too disruptive to have all of them log out. @ncooke3 do you have any suggestions here? Or is there a fix coming up that can prevent iOS users from getting logged out?

[ncooke3]

Hi @JCsplash, apologies for the trouble here. This was resolved for the other developer in this thread so I'm thinking something else could be at play. Could you please open a new issue and include the following information:

• whether this is affecting only one platform (iOS) or multiple platforms
• whether access groups are being used anywhere e.g. Auth.auth().useUserAccessGroup(_ accessGroup: String)
• whether iCloud sharing is enabled anywhere e.g. Auth.auth(). shareAuthStateAcrossDevices = true

Additionally, if you have a minimal reproducible example or repro instructions, that'd be helpful to include. Thank you!

[JCsplash]

Thanks @ncooke3 ! Here's the issue i just created:
#14011

To answer your questions: only iOS is affected, no access groups, and no icloud sharing. The moment a new build is installed with the new firebase iOS SDK on version 11.0.0+ user just gets logged out :(

[kgaidis]

In case it helps, to add more data here, 11.3 fixed the bug for my setup (Sign in with Apple and Anonymous Users).

Auth.auth().shareAuthStateAcrossDevices = true

try Auth.auth().useUserAccessGroup(...)