App wants to use your confidential info stored in firebase_auth with macos flutter

[notandyvee]

Description

As the title suggests, when I first submitted my app to testflight I noticed the dialog below. I found this issue on the firebase ios sdk repo. It should have been fixed. What I've done:

• Updated to the latest firebase flutter libs. Specifically 4.1.5 firebase auth.
• Enabled keychain sharing as described by the fix. I confirmed in the archive that the "keychain-access-groups" entitlement is present.

My observations.

• When the firebase_auth keychain is not present, I can build the app in debug locally and it works fine.
• With the keychain item now present, if I open a testflight build the dialog will always pop up until "Always Allow" is selected.
• If I log out and log back in with the testflight build the keychain dialog no longer pops up for the testflight build. But now pops up for my debug builds.
• If I update the app through testflight the keychain dialog comes back.

I was hestitant to post this here. But since a previously opened issue is also happening to me I figured it makes sense.

Any help avoiding this keychain issue on update? My fear is every time a user updates the app in production they will be prompted to enter their keychain info. Currently I am testing with testflight, which should be a final build anyways.

Reproducing the issue

• Use firebase auth 4.2.1.
• Flutter 3.0.2
• Need to be able to release on testflight using xcode archive.
• Make sure a keychain was created in debug.
• Opening in testflight build you will notice the popup.

Firebase SDK Version

10.0.0

Xcode Version

13.4.1

Installation Method

CocoaPods

Firebase Product(s)

Authentication

Targeted Platforms

macOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

No response

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

```yml PODS: - abseil/algorithm (1.20211102.0): - abseil/algorithm/algorithm (= 1.20211102.0) - abseil/algorithm/container (= 1.20211102.0) - abseil/algorithm/algorithm (1.20211102.0): - abseil/base/config - abseil/algorithm/container (1.20211102.0): - abseil/algorithm/algorithm - abseil/base/core_headers - abseil/meta/type_traits - abseil/base (1.20211102.0): - abseil/base/atomic_hook (= 1.20211102.0) - abseil/base/base (= 1.20211102.0) - abseil/base/base_internal (= 1.20211102.0) - abseil/base/config (= 1.20211102.0) - abseil/base/core_headers (= 1.20211102.0) - abseil/base/dynamic_annotations (= 1.20211102.0) - abseil/base/endian (= 1.20211102.0) - abseil/base/errno_saver (= 1.20211102.0) - abseil/base/fast_type_id (= 1.20211102.0) - abseil/base/log_severity (= 1.20211102.0) - abseil/base/malloc_internal (= 1.20211102.0) - abseil/base/pretty_function (= 1.20211102.0) - abseil/base/raw_logging_internal (= 1.20211102.0) - abseil/base/spinlock_wait (= 1.20211102.0) - abseil/base/strerror (= 1.20211102.0) - abseil/base/throw_delegate (= 1.20211102.0) - abseil/base/atomic_hook (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/base (1.20211102.0): - abseil/base/atomic_hook - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/log_severity - abseil/base/raw_logging_internal - abseil/base/spinlock_wait - abseil/meta/type_traits - abseil/base/base_internal (1.20211102.0): - abseil/base/config - abseil/meta/type_traits - abseil/base/config (1.20211102.0) - abseil/base/core_headers (1.20211102.0): - abseil/base/config - abseil/base/dynamic_annotations (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/errno_saver (1.20211102.0): - abseil/base/config - abseil/base/fast_type_id (1.20211102.0): - abseil/base/config - abseil/base/log_severity (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/malloc_internal (1.20211102.0): - abseil/base/base - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/raw_logging_internal - abseil/base/pretty_function (1.20211102.0) - abseil/base/raw_logging_internal (1.20211102.0): - abseil/base/atomic_hook - abseil/base/config - abseil/base/core_headers - abseil/base/log_severity - abseil/base/spinlock_wait (1.20211102.0): - abseil/base/base_internal - abseil/base/core_headers - abseil/base/errno_saver - abseil/base/strerror (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/errno_saver - abseil/base/throw_delegate (1.20211102.0): - abseil/base/config - abseil/base/raw_logging_internal - abseil/container/common (1.20211102.0): - abseil/meta/type_traits - abseil/types/optional - abseil/container/compressed_tuple (1.20211102.0): - abseil/utility/utility - abseil/container/container_memory (1.20211102.0): - abseil/base/config - abseil/memory/memory - abseil/meta/type_traits - abseil/utility/utility - abseil/container/fixed_array (1.20211102.0): - abseil/algorithm/algorithm - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/throw_delegate - abseil/container/compressed_tuple - abseil/memory/memory - abseil/container/flat_hash_map (1.20211102.0): - abseil/algorithm/container - abseil/container/container_memory - abseil/container/hash_function_defaults - abseil/container/raw_hash_map - abseil/memory/memory - abseil/container/hash_function_defaults (1.20211102.0): - abseil/base/config - abseil/hash/hash - abseil/strings/cord - abseil/strings/strings - abseil/container/hash_policy_traits (1.20211102.0): - abseil/meta/type_traits - abseil/container/hashtable_debug_hooks (1.20211102.0): - abseil/base/config - abseil/container/hashtablez_sampler (1.20211102.0): - abseil/base/base - abseil/base/core_headers - abseil/container/have_sse - abseil/debugging/stacktrace - abseil/memory/memory - abseil/profiling/exponential_biased - abseil/profiling/sample_recorder - abseil/synchronization/synchronization - abseil/utility/utility - abseil/container/have_sse (1.20211102.0) - abseil/container/inlined_vector (1.20211102.0): - abseil/algorithm/algorithm - abseil/base/core_headers - abseil/base/throw_delegate - abseil/container/inlined_vector_internal - abseil/memory/memory - abseil/container/inlined_vector_internal (1.20211102.0): - abseil/base/core_headers - abseil/container/compressed_tuple - abseil/memory/memory - abseil/meta/type_traits - abseil/types/span - abseil/container/layout (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/meta/type_traits - abseil/strings/strings - abseil/types/span - abseil/utility/utility - abseil/container/raw_hash_map (1.20211102.0): - abseil/base/throw_delegate - abseil/container/container_memory - abseil/container/raw_hash_set - abseil/container/raw_hash_set (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/container/common - abseil/container/compressed_tuple - abseil/container/container_memory - abseil/container/hash_policy_traits - abseil/container/hashtable_debug_hooks - abseil/container/hashtablez_sampler - abseil/container/have_sse - abseil/memory/memory - abseil/meta/type_traits - abseil/numeric/bits - abseil/utility/utility - abseil/debugging/debugging_internal (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/errno_saver - abseil/base/raw_logging_internal - abseil/debugging/demangle_internal (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/debugging/stacktrace (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/debugging/debugging_internal - abseil/debugging/symbolize (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/malloc_internal - abseil/base/raw_logging_internal - abseil/debugging/debugging_internal - abseil/debugging/demangle_internal - abseil/strings/strings - abseil/functional/bind_front (1.20211102.0): - abseil/base/base_internal - abseil/container/compressed_tuple - abseil/meta/type_traits - abseil/utility/utility - abseil/functional/function_ref (1.20211102.0): - abseil/base/base_internal - abseil/base/core_headers - abseil/meta/type_traits - abseil/hash/city (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/hash/hash (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/container/fixed_array - abseil/hash/city - abseil/hash/low_level_hash - abseil/meta/type_traits - abseil/numeric/int128 - abseil/strings/strings - abseil/types/optional - abseil/types/variant - abseil/utility/utility - abseil/hash/low_level_hash (1.20211102.0): - abseil/base/config - abseil/base/endian - abseil/numeric/bits - abseil/numeric/int128 - abseil/memory (1.20211102.0): - abseil/memory/memory (= 1.20211102.0) - abseil/memory/memory (1.20211102.0): - abseil/base/core_headers - abseil/meta/type_traits - abseil/meta (1.20211102.0): - abseil/meta/type_traits (= 1.20211102.0) - abseil/meta/type_traits (1.20211102.0): - abseil/base/config - abseil/numeric/bits (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/numeric/int128 (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/numeric/bits - abseil/numeric/representation (1.20211102.0): - abseil/base/config - abseil/profiling/exponential_biased (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/profiling/sample_recorder (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/synchronization/synchronization - abseil/time/time - abseil/random/distributions (1.20211102.0): - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/meta/type_traits - abseil/numeric/bits - abseil/random/internal/distribution_caller - abseil/random/internal/fast_uniform_bits - abseil/random/internal/fastmath - abseil/random/internal/generate_real - abseil/random/internal/iostream_state_saver - abseil/random/internal/traits - abseil/random/internal/uniform_helper - abseil/random/internal/wide_multiply - abseil/strings/strings - abseil/random/internal/distribution_caller (1.20211102.0): - abseil/base/config - abseil/base/fast_type_id - abseil/utility/utility - abseil/random/internal/fast_uniform_bits (1.20211102.0): - abseil/base/config - abseil/meta/type_traits - abseil/random/internal/fastmath (1.20211102.0): - abseil/numeric/bits - abseil/random/internal/generate_real (1.20211102.0): - abseil/meta/type_traits - abseil/numeric/bits - abseil/random/internal/fastmath - abseil/random/internal/traits - abseil/random/internal/iostream_state_saver (1.20211102.0): - abseil/meta/type_traits - abseil/numeric/int128 - abseil/random/internal/nonsecure_base (1.20211102.0): - abseil/base/core_headers - abseil/meta/type_traits - abseil/random/internal/pool_urbg - abseil/random/internal/salted_seed_seq - abseil/random/internal/seed_material - abseil/types/optional - abseil/types/span - abseil/random/internal/pcg_engine (1.20211102.0): - abseil/base/config - abseil/meta/type_traits - abseil/numeric/bits - abseil/numeric/int128 - abseil/random/internal/fastmath - abseil/random/internal/iostream_state_saver - abseil/random/internal/platform (1.20211102.0): - abseil/base/config - abseil/random/internal/pool_urbg (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/base/raw_logging_internal - abseil/random/internal/randen - abseil/random/internal/seed_material - abseil/random/internal/traits - abseil/random/seed_gen_exception - abseil/types/span - abseil/random/internal/randen (1.20211102.0): - abseil/base/raw_logging_internal - abseil/random/internal/platform - abseil/random/internal/randen_hwaes - abseil/random/internal/randen_slow - abseil/random/internal/randen_engine (1.20211102.0): - abseil/base/endian - abseil/meta/type_traits - abseil/random/internal/iostream_state_saver - abseil/random/internal/randen - abseil/random/internal/randen_hwaes (1.20211102.0): - abseil/base/config - abseil/random/internal/platform - abseil/random/internal/randen_hwaes_impl - abseil/random/internal/randen_hwaes_impl (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/numeric/int128 - abseil/random/internal/platform - abseil/random/internal/randen_slow (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/numeric/int128 - abseil/random/internal/platform - abseil/random/internal/salted_seed_seq (1.20211102.0): - abseil/container/inlined_vector - abseil/meta/type_traits - abseil/random/internal/seed_material - abseil/types/optional - abseil/types/span - abseil/random/internal/seed_material (1.20211102.0): - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/raw_logging_internal - abseil/random/internal/fast_uniform_bits - abseil/strings/strings - abseil/types/optional - abseil/types/span - abseil/random/internal/traits (1.20211102.0): - abseil/base/config - abseil/random/internal/uniform_helper (1.20211102.0): - abseil/base/config - abseil/meta/type_traits - abseil/random/internal/traits - abseil/random/internal/wide_multiply (1.20211102.0): - abseil/base/config - abseil/numeric/bits - abseil/numeric/int128 - abseil/random/internal/traits - abseil/random/random (1.20211102.0): - abseil/random/distributions - abseil/random/internal/nonsecure_base - abseil/random/internal/pcg_engine - abseil/random/internal/pool_urbg - abseil/random/internal/randen_engine - abseil/random/seed_sequences - abseil/random/seed_gen_exception (1.20211102.0): - abseil/base/config - abseil/random/seed_sequences (1.20211102.0): - abseil/container/inlined_vector - abseil/random/internal/nonsecure_base - abseil/random/internal/pool_urbg - abseil/random/internal/salted_seed_seq - abseil/random/internal/seed_material - abseil/random/seed_gen_exception - abseil/types/span - abseil/status/status (1.20211102.0): - abseil/base/atomic_hook - abseil/base/config - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/container/inlined_vector - abseil/debugging/stacktrace - abseil/debugging/symbolize - abseil/functional/function_ref - abseil/strings/cord - abseil/strings/str_format - abseil/strings/strings - abseil/types/optional - abseil/status/statusor (1.20211102.0): - abseil/base/base - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/meta/type_traits - abseil/status/status - abseil/strings/strings - abseil/types/variant - abseil/utility/utility - abseil/strings/cord (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/base/raw_logging_internal - abseil/container/fixed_array - abseil/container/inlined_vector - abseil/functional/function_ref - abseil/meta/type_traits - abseil/strings/cord_internal - abseil/strings/cordz_functions - abseil/strings/cordz_info - abseil/strings/cordz_statistics - abseil/strings/cordz_update_scope - abseil/strings/cordz_update_tracker - abseil/strings/internal - abseil/strings/str_format - abseil/strings/strings - abseil/types/optional - abseil/strings/cord_internal (1.20211102.0): - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/base/raw_logging_internal - abseil/base/throw_delegate - abseil/container/compressed_tuple - abseil/container/inlined_vector - abseil/container/layout - abseil/functional/function_ref - abseil/meta/type_traits - abseil/strings/strings - abseil/types/span - abseil/strings/cordz_functions (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/profiling/exponential_biased - abseil/strings/cordz_handle (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/raw_logging_internal - abseil/synchronization/synchronization - abseil/strings/cordz_info (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/container/inlined_vector - abseil/debugging/stacktrace - abseil/strings/cord_internal - abseil/strings/cordz_functions - abseil/strings/cordz_handle - abseil/strings/cordz_statistics - abseil/strings/cordz_update_tracker - abseil/synchronization/synchronization - abseil/types/span - abseil/strings/cordz_statistics (1.20211102.0): - abseil/base/config - abseil/strings/cordz_update_tracker - abseil/strings/cordz_update_scope (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/strings/cord_internal - abseil/strings/cordz_info - abseil/strings/cordz_update_tracker - abseil/strings/cordz_update_tracker (1.20211102.0): - abseil/base/config - abseil/strings/internal (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/base/raw_logging_internal - abseil/meta/type_traits - abseil/strings/str_format (1.20211102.0): - abseil/strings/str_format_internal - abseil/strings/str_format_internal (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/functional/function_ref - abseil/meta/type_traits - abseil/numeric/bits - abseil/numeric/int128 - abseil/numeric/representation - abseil/strings/strings - abseil/types/optional - abseil/types/span - abseil/strings/strings (1.20211102.0): - abseil/base/base - abseil/base/config - abseil/base/core_headers - abseil/base/endian - abseil/base/raw_logging_internal - abseil/base/throw_delegate - abseil/memory/memory - abseil/meta/type_traits - abseil/numeric/bits - abseil/numeric/int128 - abseil/strings/internal - abseil/synchronization/graphcycles_internal (1.20211102.0): - abseil/base/base - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/base/malloc_internal - abseil/base/raw_logging_internal - abseil/synchronization/kernel_timeout_internal (1.20211102.0): - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/time/time - abseil/synchronization/synchronization (1.20211102.0): - abseil/base/atomic_hook - abseil/base/base - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/base/dynamic_annotations - abseil/base/malloc_internal - abseil/base/raw_logging_internal - abseil/debugging/stacktrace - abseil/debugging/symbolize - abseil/synchronization/graphcycles_internal - abseil/synchronization/kernel_timeout_internal - abseil/time/time - abseil/time (1.20211102.0): - abseil/time/internal (= 1.20211102.0) - abseil/time/time (= 1.20211102.0) - abseil/time/internal (1.20211102.0): - abseil/time/internal/cctz (= 1.20211102.0) - abseil/time/internal/cctz (1.20211102.0): - abseil/time/internal/cctz/civil_time (= 1.20211102.0) - abseil/time/internal/cctz/time_zone (= 1.20211102.0) - abseil/time/internal/cctz/civil_time (1.20211102.0): - abseil/base/config - abseil/time/internal/cctz/time_zone (1.20211102.0): - abseil/base/config - abseil/time/internal/cctz/civil_time - abseil/time/time (1.20211102.0): - abseil/base/base - abseil/base/core_headers - abseil/base/raw_logging_internal - abseil/numeric/int128 - abseil/strings/strings - abseil/time/internal/cctz/civil_time - abseil/time/internal/cctz/time_zone - abseil/types (1.20211102.0): - abseil/types/any (= 1.20211102.0) - abseil/types/bad_any_cast (= 1.20211102.0) - abseil/types/bad_any_cast_impl (= 1.20211102.0) - abseil/types/bad_optional_access (= 1.20211102.0) - abseil/types/bad_variant_access (= 1.20211102.0) - abseil/types/compare (= 1.20211102.0) - abseil/types/optional (= 1.20211102.0) - abseil/types/span (= 1.20211102.0) - abseil/types/variant (= 1.20211102.0) - abseil/types/any (1.20211102.0): - abseil/base/config - abseil/base/core_headers - abseil/base/fast_type_id - abseil/meta/type_traits - abseil/types/bad_any_cast - abseil/utility/utility - abseil/types/bad_any_cast (1.20211102.0): - abseil/base/config - abseil/types/bad_any_cast_impl - abseil/types/bad_any_cast_impl (1.20211102.0): - abseil/base/config - abseil/base/raw_logging_internal - abseil/types/bad_optional_access (1.20211102.0): - abseil/base/config - abseil/base/raw_logging_internal - abseil/types/bad_variant_access (1.20211102.0): - abseil/base/config - abseil/base/raw_logging_internal - abseil/types/compare (1.20211102.0): - abseil/base/core_headers - abseil/meta/type_traits - abseil/types/optional (1.20211102.0): - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/memory/memory - abseil/meta/type_traits - abseil/types/bad_optional_access - abseil/utility/utility - abseil/types/span (1.20211102.0): - abseil/algorithm/algorithm - abseil/base/core_headers - abseil/base/throw_delegate - abseil/meta/type_traits - abseil/types/variant (1.20211102.0): - abseil/base/base_internal - abseil/base/config - abseil/base/core_headers - abseil/meta/type_traits - abseil/types/bad_variant_access - abseil/utility/utility - abseil/utility/utility (1.20211102.0): - abseil/base/base_internal - abseil/base/config - abseil/meta/type_traits - BoringSSL-GRPC (0.0.24): - BoringSSL-GRPC/Implementation (= 0.0.24) - BoringSSL-GRPC/Interface (= 0.0.24) - BoringSSL-GRPC/Implementation (0.0.24): - BoringSSL-GRPC/Interface (= 0.0.24) - BoringSSL-GRPC/Interface (0.0.24) - cloud_firestore (4.1.0): - Firebase/CoreOnly (~> 10.2.0) - Firebase/Firestore (~> 10.2.0) - firebase_core - FlutterMacOS - nanopb (< 2.30910.0, >= 2.30908.0) - cloud_functions (4.0.5): - Firebase/CoreOnly (~> 10.2.0) - Firebase/Functions (~> 10.2.0) - firebase_core - FlutterMacOS - Firebase/Auth (10.2.0): - Firebase/CoreOnly - FirebaseAuth (~> 10.2.0) - Firebase/CoreOnly (10.2.0): - FirebaseCore (= 10.2.0) - Firebase/Firestore (10.2.0): - Firebase/CoreOnly - FirebaseFirestore (~> 10.2.0) - Firebase/Functions (10.2.0): - Firebase/CoreOnly - FirebaseFunctions (~> 10.2.0) - firebase_auth (4.1.5): - Firebase/Auth (~> 10.2.0) - Firebase/CoreOnly (~> 10.2.0) - firebase_core - FlutterMacOS - firebase_core (2.3.0): - Firebase/CoreOnly (~> 10.2.0) - FlutterMacOS - FirebaseAppCheckInterop (10.2.0) - FirebaseAuth (10.2.0): - FirebaseCore (~> 10.0) - GoogleUtilities/AppDelegateSwizzler (~> 7.8) - GoogleUtilities/Environment (~> 7.8) - GTMSessionFetcher/Core (< 4.0, >= 2.1) - FirebaseAuthInterop (10.2.0) - FirebaseCore (10.2.0): - FirebaseCoreInternal (~> 10.0) - GoogleUtilities/Environment (~> 7.8) - GoogleUtilities/Logger (~> 7.8) - FirebaseCoreExtension (10.2.0): - FirebaseCore (~> 10.0) - FirebaseCoreInternal (10.2.0): - "GoogleUtilities/NSData+zlib (~> 7.8)" - FirebaseFirestore (10.2.0): - abseil/algorithm (~> 1.20211102.0) - abseil/base (~> 1.20211102.0) - abseil/container/flat_hash_map (~> 1.20211102.0) - abseil/memory (~> 1.20211102.0) - abseil/meta (~> 1.20211102.0) - abseil/strings/strings (~> 1.20211102.0) - abseil/time (~> 1.20211102.0) - abseil/types (~> 1.20211102.0) - FirebaseCore (~> 10.0) - "gRPC-C++ (~> 1.44.0)" - leveldb-library (~> 1.22) - nanopb (< 2.30910.0, >= 2.30908.0) - FirebaseFunctions (10.2.0): - FirebaseAppCheckInterop (~> 10.0) - FirebaseAuthInterop (~> 10.0) - FirebaseCore (~> 10.0) - FirebaseCoreExtension (~> 10.0) - FirebaseMessagingInterop (~> 10.0) - FirebaseSharedSwift (~> 10.0) - GTMSessionFetcher/Core (< 4.0, >= 2.1) - FirebaseMessagingInterop (10.2.0) - FirebaseSharedSwift (10.2.0) - FlutterMacOS (1.0.0) - FMDB (2.7.5): - FMDB/standard (= 2.7.5) - FMDB/standard (2.7.5) - GoogleUtilities/AppDelegateSwizzler (7.10.0): - GoogleUtilities/Environment - GoogleUtilities/Logger - GoogleUtilities/Network - GoogleUtilities/Environment (7.10.0): - PromisesObjC (< 3.0, >= 1.2) - GoogleUtilities/Logger (7.10.0): - GoogleUtilities/Environment - GoogleUtilities/Network (7.10.0): - GoogleUtilities/Logger - "GoogleUtilities/NSData+zlib" - GoogleUtilities/Reachability - "GoogleUtilities/NSData+zlib (7.10.0)" - GoogleUtilities/Reachability (7.10.0): - GoogleUtilities/Logger - "gRPC-C++ (1.44.0)": - "gRPC-C++/Implementation (= 1.44.0)" - "gRPC-C++/Interface (= 1.44.0)" - "gRPC-C++/Implementation (1.44.0)": - abseil/base/base (= 1.20211102.0) - abseil/base/core_headers (= 1.20211102.0) - abseil/container/flat_hash_map (= 1.20211102.0) - abseil/container/inlined_vector (= 1.20211102.0) - abseil/functional/bind_front (= 1.20211102.0) - abseil/hash/hash (= 1.20211102.0) - abseil/memory/memory (= 1.20211102.0) - abseil/random/random (= 1.20211102.0) - abseil/status/status (= 1.20211102.0) - abseil/status/statusor (= 1.20211102.0) - abseil/strings/cord (= 1.20211102.0) - abseil/strings/str_format (= 1.20211102.0) - abseil/strings/strings (= 1.20211102.0) - abseil/synchronization/synchronization (= 1.20211102.0) - abseil/time/time (= 1.20211102.0) - abseil/types/optional (= 1.20211102.0) - abseil/types/variant (= 1.20211102.0) - abseil/utility/utility (= 1.20211102.0) - "gRPC-C++/Interface (= 1.44.0)" - gRPC-Core (= 1.44.0) - "gRPC-C++/Interface (1.44.0)" - gRPC-Core (1.44.0): - gRPC-Core/Implementation (= 1.44.0) - gRPC-Core/Interface (= 1.44.0) - gRPC-Core/Implementation (1.44.0): - abseil/base/base (= 1.20211102.0) - abseil/base/core_headers (= 1.20211102.0) - abseil/container/flat_hash_map (= 1.20211102.0) - abseil/container/inlined_vector (= 1.20211102.0) - abseil/functional/bind_front (= 1.20211102.0) - abseil/hash/hash (= 1.20211102.0) - abseil/memory/memory (= 1.20211102.0) - abseil/random/random (= 1.20211102.0) - abseil/status/status (= 1.20211102.0) - abseil/status/statusor (= 1.20211102.0) - abseil/strings/cord (= 1.20211102.0) - abseil/strings/str_format (= 1.20211102.0) - abseil/strings/strings (= 1.20211102.0) - abseil/synchronization/synchronization (= 1.20211102.0) - abseil/time/time (= 1.20211102.0) - abseil/types/optional (= 1.20211102.0) - abseil/types/variant (= 1.20211102.0) - abseil/utility/utility (= 1.20211102.0) - BoringSSL-GRPC (= 0.0.24) - gRPC-Core/Interface (= 1.44.0) - Libuv-gRPC (= 0.0.10) - gRPC-Core/Interface (1.44.0) - GTMSessionFetcher/Core (3.0.0) - leveldb-library (1.22.1) - Libuv-gRPC (0.0.10): - Libuv-gRPC/Implementation (= 0.0.10) - Libuv-gRPC/Interface (= 0.0.10) - Libuv-gRPC/Implementation (0.0.10): - Libuv-gRPC/Interface (= 0.0.10) - Libuv-gRPC/Interface (0.0.10) - nanopb (2.30909.0): - nanopb/decode (= 2.30909.0) - nanopb/encode (= 2.30909.0) - nanopb/decode (2.30909.0) - nanopb/encode (2.30909.0) - package_info_plus_macos (0.0.1): - FlutterMacOS - path_provider_macos (0.0.1): - FlutterMacOS - PromisesObjC (2.1.1) - Purchases (3.13.2): - PurchasesCoreSwift (= 3.13.2) - purchases_flutter (3.10.0): - FlutterMacOS - PurchasesHybridCommon (= 1.11.2) - PurchasesCoreSwift (3.13.2) - PurchasesHybridCommon (1.11.2): - Purchases (= 3.13.2) - screen_retriever (0.0.1): - FlutterMacOS - shared_preferences_macos (0.0.1): - FlutterMacOS - sqflite (0.0.2): - FlutterMacOS - FMDB (>= 2.7.5) - url_launcher_macos (0.0.1): - FlutterMacOS - window_manager (0.2.0): - FlutterMacOS DEPENDENCIES: - cloud_firestore (from `Flutter/ephemeral/.symlinks/plugins/cloud_firestore/macos`) - cloud_functions (from `Flutter/ephemeral/.symlinks/plugins/cloud_functions/macos`) - firebase_auth (from `Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos`) - firebase_core (from `Flutter/ephemeral/.symlinks/plugins/firebase_core/macos`) - FlutterMacOS (from `Flutter/ephemeral`) - package_info_plus_macos (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos`) - path_provider_macos (from `Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos`) - purchases_flutter (from `Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos`) - screen_retriever (from `Flutter/ephemeral/.symlinks/plugins/screen_retriever/macos`) - shared_preferences_macos (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos`) - sqflite (from `Flutter/ephemeral/.symlinks/plugins/sqflite/macos`) - url_launcher_macos (from `Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos`) - window_manager (from `Flutter/ephemeral/.symlinks/plugins/window_manager/macos`) SPEC REPOS: trunk: - abseil - BoringSSL-GRPC - Firebase - FirebaseAppCheckInterop - FirebaseAuth - FirebaseAuthInterop - FirebaseCore - FirebaseCoreExtension - FirebaseCoreInternal - FirebaseFirestore - FirebaseFunctions - FirebaseMessagingInterop - FirebaseSharedSwift - FMDB - GoogleUtilities - "gRPC-C++" - gRPC-Core - GTMSessionFetcher - leveldb-library - Libuv-gRPC - nanopb - PromisesObjC - Purchases - PurchasesCoreSwift - PurchasesHybridCommon EXTERNAL SOURCES: cloud_firestore: :path: Flutter/ephemeral/.symlinks/plugins/cloud_firestore/macos cloud_functions: :path: Flutter/ephemeral/.symlinks/plugins/cloud_functions/macos firebase_auth: :path: Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos firebase_core: :path: Flutter/ephemeral/.symlinks/plugins/firebase_core/macos FlutterMacOS: :path: Flutter/ephemeral package_info_plus_macos: :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus_macos/macos path_provider_macos: :path: Flutter/ephemeral/.symlinks/plugins/path_provider_macos/macos purchases_flutter: :path: Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos screen_retriever: :path: Flutter/ephemeral/.symlinks/plugins/screen_retriever/macos shared_preferences_macos: :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_macos/macos sqflite: :path: Flutter/ephemeral/.symlinks/plugins/sqflite/macos url_launcher_macos: :path: Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos window_manager: :path: Flutter/ephemeral/.symlinks/plugins/window_manager/macos SPEC CHECKSUMS: abseil: ebe5b5529fb05d93a8bdb7951607be08b7fa71bc BoringSSL-GRPC: 3175b25143e648463a56daeaaa499c6cb86dad33 cloud_firestore: 5bfd8f92a2f11f9d25a0ee69303ca069cadc7637 cloud_functions: b74c3e431668d5a99088638954bb202d6b1b0686 Firebase: a3ea7eba4382afd83808376edb99acdaff078dcf firebase_auth: 89ed93a8d1d8f657fec8fe149bdeeb02e55c92d4 firebase_core: f6f75d92dcdd5ef1b43876017affde02b7b402ec FirebaseAppCheckInterop: af164d9c623f82174e3ffa54394dee189587c601 FirebaseAuth: 08e7739244eeae5216d0a3f8d9f16a76be9c252e FirebaseAuthInterop: 027d42ca8fec84dc6151566479af05095a0bd5c0 FirebaseCore: 813838072b797b64f529f3c2ee35e696e5641dd1 FirebaseCoreExtension: d08b424832917cf13612021574399afbbedffeef FirebaseCoreInternal: 091bde13e47bb1c5e9fe397634f3593dc390430f FirebaseFirestore: bda7a1ca8c19319a2acd2761cd4b962022c1d5ea FirebaseFunctions: eaa208f64f2f179f0ab9b775fecdec07fdd74d90 FirebaseMessagingInterop: b46e7fcf39c0e9b16841e258645a320a154af240 FirebaseSharedSwift: a160b39d4ce77be922b3d6ff009099c7294e36e5 FlutterMacOS: 57701585bf7de1b3fc2bb61f6378d73bbdea8424 FMDB: 2ce00b547f966261cd18927a3ddb07cb6f3db82a GoogleUtilities: bad72cb363809015b1f7f19beb1f1cd23c589f95 "gRPC-C++": 9675f953ace2b3de7c506039d77be1f2e77a8db2 gRPC-Core: 943e491cb0d45598b0b0eb9e910c88080369290b GTMSessionFetcher: c1edebe64e9fb4e8f6415d018edf1fd3eac074a1 leveldb-library: 50c7b45cbd7bf543c81a468fe557a16ae3db8729 Libuv-gRPC: 55e51798e14ef436ad9bc45d12d43b77b49df378 nanopb: b552cce312b6c8484180ef47159bc0f65a1f0431 package_info_plus_macos: f010621b07802a241d96d01876d6705f15e77c1c path_provider_macos: 3c0c3b4b0d4a76d2bf989a913c2de869c5641a19 PromisesObjC: ab77feca74fa2823e7af4249b8326368e61014cb Purchases: 03200de9288724e77de435000d1828601e6b8e00 purchases_flutter: ec56bb806ae9076a2edced385860f1fea4b30639 PurchasesCoreSwift: 2ea4b33e5cece5c8a0751594ef7c6cbfcbd747a9 PurchasesHybridCommon: 56ef42d85c3e930d49aff4ac5fa027373d2e1bb8 screen_retriever: 59634572a57080243dd1bf715e55b6c54f241a38 shared_preferences_macos: a64dc611287ed6cbe28fd1297898db1336975727 sqflite: a5789cceda41d54d23f31d6de539d65bb14100ea url_launcher_macos: 597e05b8e514239626bcf4a850fcf9ef5c856ec3 window_manager: 3a1844359a6295ab1e47659b1a777e36773cd6e8 PODFILE CHECKSUM: a884f6dd3f7494f3892ee6c81feea3a3abbf9153 COCOAPODS: 1.11.3 ```

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[notandyvee]

@ncooke3 no rush. But just curious if you are able to reproduce? Or if you have an ETA on when you can get to this?

[ncooke3]

Hi @notandyvee, so if you build and run the app in release mode, does the issue also reproduce?

[ncooke3]

Also, what is your macOS version?

[notandyvee]

Hi @notandyvee, so if you build and run the app in release mode, does the issue also reproduce?

Just tried it. Interestingly it does not happen when running it in release mode with the firebase auth keychain created in the development mode. I guess thats not surprising as I noticed it also worked normally when in profile mode.

Also, what is your macOS version?

MacOS 12.6

[ncooke3]

Hmm interesting... Question, is your project configured in such a way that you can edit the source code in Firebase Auth? Specifically, FirebaseAuth/Sources/Storage/FIRAuthKeychainServices.m? I have a few ideas to narrow down where the prompt is coming from.

[notandyvee]

I'm not gonna lie. I don't really fully understand the setup. Left it mostly as the flutter default. But I can see the file you are talking about. Just not in the same path as what you posted. So not sure if I can edit it. Do you have a specific root folder I can search in to look?

[ncooke3]

No worries–– and that looks right. It should let you edit it (you might have to "unlock" it in a dialog box that pops up when you try to do so). If it does, locate the genericPasswordQueryWithKey method on line 228.

Replace it with the following:

- (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {
  NSMutableDictionary *query = @{
    (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],
    (__bridge id)kSecAttrService : _service,
  }.mutableCopy;

  if (@available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *)) {
    query[(__bridge id)kSecUseDataProtectionKeychain] = (__bridge id)kCFBooleanTrue;
  }

  return [query copy];
}

And then try reproducing the issue again.

[notandyvee]

Sorry for the delay @ncooke3 . Pushed a new testflight build. The pop up is gone, but because now the existing keychain wasn't recognized. I verified that firebase_auth keychain exists. But had to re-login. When logging in the resulting keychain looks like this.

Edit: How do I undo the change when doing things like this? After xcode is closed and re-open I mean.

[ncooke3]

Sorry, what exactly do you mean by "but because now the existing keychain wasn't recognized."? I'm trying to determine if this helped or not. Did successive calls to the new keychain yield a pop up?

Edit: How do I undo the change when doing things like this? After xcode is closed and re-open I mean.

You can copy and paste the implementation from here: https://github.com/firebase/firebase-ios-sdk/blob/c24031ad9410c746c49deddc739fdf311a386fc7/FirebaseAuth/Sources/Storage/FIRAuthKeychainServices.m#L228-L234 This is the corresponding implementation for Firebase Auth 10.2.0, which your Podfile.lock shows is being used.

[notandyvee]

Damn. Apologies for the wasted cycles here. It was not clear what was happening. So to be clear, the change you made should stop using the old keychain row, which will be of type "login" and my app should now be using the "iCloud" keychain? In essence a re-auth is expected? When I noticed that I stopped testing thinking it was not expected since it "appeared" wrong.

Assuming my assumption above is correct, I tested a few scenarios with your test change on genericPasswordQueryWithKey:

• Pushed a testflight build and logged in. This created the new keychain.
• Run app in development. No pop up.
• Increment build to push for testflight. Updated and no pop up.

Did successive calls to the new keychain yield a pop up?

Your method change did not yield pop ups when using builds in development and testflight. When updating a testflight build no popups occur either. It's like they are now sharing the same keychain properly. This is great news. Thank you.

Now whats the next steps here for this fix? Is it safe to use this code temporarily to avoid the popups? Or should I wait for a proper prod fix?

Again, extremely appreciative in such quick turn around here 🙏🏻 .

[ncooke3]

No worries– macOS keychain debugging is pretty confusing!

So to be clear, the change you made should stop using the old keychain row, which will be of type "login" and my app should now be using the "iCloud" keychain? In essence a re-auth is expected?

Yes, the new flag will use the data protection keychain rather than the traditional file based keychain. This is the only way that I know of to make the macOS keychain behave like the iOS one. Apple released a good tech note on this recently that helped fill in the gaps of my keychain knowledge so check it out if you're interested. There are two inevitable drawbacks worth calling out with the updated implementation:

• macOS devices running under 10.15 will still see the pop-ups (might not be an issue if your targeting >= 10.15)

• as you saw, updating the implementation meant using a new keychain for storing Auth credentials. You mentioned:

  In essence a re-auth is expected?

  Were you logged out the first launch after the update? I'll have to double check with the Auth team as I'm not 100% sure the effect of switching keychains but I would expect there to be a one-time cost where users would have to re-auth so the credentials can be safely stored in the new, pop-up free keychain.

I'll check with the Auth team after the holidays and move to getting this out in a release!

In the meantime, I think it's safe to use this local edit to unblock yourself–– all of Firebase's other keychain usage now use this new attribute (I must have missed this particular API surface). I would just do some extra manual testing with the test flight builds to ensure auth is functioning as expected after updating (apart from the need to re-auth). Let me know if you notice any interesting behavior!

[notandyvee]

Apple released a good tech note on this recently that helped fill in the gaps of my keychain knowledge so check it out if you're interested.

Thanks for the link. Does actually help in understanding why this was a problem.

Were you logged out the first launch after the update?

That's a great question. The setup I have should automatically respond to auth changes. I don't log users out automatically, so it would have to be in response to the auth SDK callback. Definitely confirm with the auth team. I can take the one time hit as I'm waiting to release so it doesn't bother me at the moment.

In the meantime, I think it's safe to use this local edit to unblock yourself

Question about that. So I'm cool doing that. What happens when I update the firebase libs before this fix is included? Would those files be deleted and a fresh copy from the release be used? Meaning, would I need to manually edit genericPasswordQueryWithKey every update until a fix is included? Or would the local change persist updates?

Coming from the Android world, editing libraries like that is magical haha. Have no idea what to expect.

[ncooke3]

What happens when I update the firebase libs before this fix is included? Would those files be deleted and a fresh copy from the release be used? Meaning, would I need to manually edit genericPasswordQueryWithKey every update until a fix is included?

Yep– if you update the Firebase libs before the fix is scheduled, those files will be deleted and a fresh copy from the release will be cached for your app's xcworkspace. So, you're correct that you will have to manually edit genericPasswordQueryWithKey every update.

Or would the local change persist updates?

For reasoning above, no – the local change would not persist.

[larssn]

We've been seeing this issue in a TestFlight downloaded Flutter iOS app to an M1 MacOS.

Can see in Podfile.lock that we're on 10.3.0.

The error exposed is: An error occurred when accessing the keychain. The NSLocalizedFailureReasonErrorKey field in the NSError.userInfo dictionary will contain more information about the error encountered.

Just wanted to give a heads up.

[larssn]

This thread solved it for us: https://github.com/google/GoogleSignIn-iOS/issues/165

Specifically, adding a capability of "Keychain Sharing", and then a key with com.google.GIDSignIn.

Ps. The code in https://github.com/firebase/firebase-ios-sdk/issues/10582#issuecomment-1360619667 didn't do anything to fix this specific issue.

[notandyvee]

@larssn the issue you are referencing seems similar but unrelated at first glance. I had also turned on keychain sharing but my issue is not a google sign in issue. Does this mean if I use google sign in I need to add the keychain sharing capability with com.google.GIDSignIn?

[larssn]

Tbh I haven't looked into it in detail. We're two people who need TestFlight access on iOS to our app, and all I concluded was that the above fixed it.

You might be right that it's an entirely different issue.

[ncooke3]

Hi @notandyvee, checking in to see if the original solution is working as expected?

[google-oss-bot]

Hey @notandyvee. We need more information to resolve this issue but there hasn't been an update in 5 weekdays. I'm marking the issue as stale and if there are no new updates in the next 5 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

[notandyvee]

Sorry for the late response @ncooke3 .

Hi @notandyvee, checking in to see if the original solution is working as expected?

Yes. Your solution fixed the issue I was having when updating the method as you instructed.

[ncooke3]

Hi @notandyvee, apologies for the delay. I have since staged this fix in the next release, which should release sometime during the week of February 7th.

Thanks for reporting the issue and don't hesitate to reach out on this thread if you run into anymore trouble!