search

firebase / firebase-ios-sdk

Firebase SDK for Apple App Development
https://firebase.google.com
Apache License 2.0
5.55k stars 1.45k forks source link

When upgrading from 10.29.0 to 11.0.0 the user gets logged out. #13662

Open knopp opened 1 day ago

knopp commented 1 day ago

Description

The reason for this is that new version can not read the keychain entry due to kSecUseDataProtectionKeychain.

This is genericPasswordQueryWithKey: from 10.29.0:

- (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {
  NSMutableDictionary *query = @{
    (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],
    (__bridge id)kSecAttrService : _service,
  }
                                   .mutableCopy;

  // TODO(ncooke3): Refactor Auth to provide a user defaults based
  // implementation for unit testing purposes on macOS.
#ifndef FIREBASE_AUTH_MACOS_TESTING
  // The below key prevents keychain popups from appearing on the client. It
  // requires a configured provisioing profile to function properly–– which
  // cannot be checked into the repo. Rather than disable most of the Auth
  // testing suite on macOS, the key is omitted. Paired with the
  // `scripts/configure_test_keychain.sh` script, the popups do not block CI.
  // See go/firebase-macos-keychain-popups for more details.
  if (@available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *)) {
    query[(__bridge id)kSecUseDataProtectionKeychain] = (__bridge id)kCFBooleanTrue;
  }
#endif  // FIREBASE_AUTH_MACOS_TESTING

  return [query copy];
}

On the surface it seems like it is setting the kSecUseDataProtectionKeychain flag. However it's not really, because FIREBASE_AUTH_MACOS_TESTING is defined to 1 in FirebaseAuth.podspec. So the code inside #ifndef is never included and the kSecUseDataProtectionKeychain flag is never set.

Compared to that, the new swift version is actually setting the kSecUseDataProtectionKechain flag:

  private func genericPasswordQuery(key: String) -> [String: Any] {
    if key.isEmpty {
      fatalError("The key cannot be empty.")
    }
    var query: [String: Any] = [
      kSecClass as String: kSecClassGenericPassword,
      kSecAttrAccount as String: kAccountPrefix + key,
      kSecAttrService as String: service,
    ]
    if #available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *) {
        query[kSecUseDataProtectionKeychain as String] = true
    }
    return query
  }

This seems like a rather painful regression and the flag should probably be disabled until there is migration in place?

Reproducing the issue

No response

Firebase SDK Version

11.0

Xcode Version

15.4

Installation Method

CocoaPods

Firebase Product(s)

Authentication

Targeted Platforms

macOS

Relevant Log Output

No response

If using Swift Package Manager, the project's Package.resolved

No response

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet
```yml PODS: - app_links (1.0.0): - FlutterMacOS - AppAuth (1.7.5): - AppAuth/Core (= 1.7.5) - AppAuth/ExternalUserAgent (= 1.7.5) - AppAuth/Core (1.7.5) - AppAuth/ExternalUserAgent (1.7.5): - AppAuth/Core - audioplayers_darwin (0.0.1): - FlutterMacOS - cupertino_http (0.0.1): - FlutterMacOS - device_info_plus (0.0.1): - FlutterMacOS - emoji_picker_flutter (0.0.1): - FlutterMacOS - file_selector_macos (0.0.1): - FlutterMacOS - Firebase/Analytics (11.0.0): - Firebase/Core - Firebase/Auth (11.0.0): - Firebase/CoreOnly - FirebaseAuth (~> 11.0.0) - Firebase/Core (11.0.0): - Firebase/CoreOnly - FirebaseAnalytics (~> 11.0.0) - Firebase/CoreOnly (11.0.0): - FirebaseCore (= 11.0.0) - Firebase/Messaging (11.0.0): - Firebase/CoreOnly - FirebaseMessaging (~> 11.0.0) - Firebase/RemoteConfig (11.0.0): - Firebase/CoreOnly - FirebaseRemoteConfig (~> 11.0.0) - firebase_analytics (11.3.1): - Firebase/Analytics (= 11.0.0) - firebase_core - FlutterMacOS - firebase_auth (5.2.1): - Firebase/Auth (~> 11.0.0) - Firebase/CoreOnly (~> 11.0.0) - firebase_core - FlutterMacOS - firebase_core (3.4.1): - Firebase/CoreOnly (~> 11.0.0) - FlutterMacOS - firebase_messaging (15.1.1): - Firebase/CoreOnly (~> 11.0.0) - Firebase/Messaging (~> 11.0.0) - firebase_core - FlutterMacOS - firebase_remote_config (5.1.1): - Firebase/CoreOnly (~> 11.0.0) - Firebase/RemoteConfig (~> 11.0.0) - firebase_core - FlutterMacOS - FirebaseABTesting (11.2.0): - FirebaseCore (~> 11.0) - FirebaseAnalytics (11.0.0): - FirebaseAnalytics/AdIdSupport (= 11.0.0) - FirebaseCore (~> 11.0) - FirebaseInstallations (~> 11.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/MethodSwizzler (~> 8.0) - GoogleUtilities/Network (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - nanopb (~> 3.30910.0) - FirebaseAnalytics/AdIdSupport (11.0.0): - FirebaseCore (~> 11.0) - FirebaseInstallations (~> 11.0) - GoogleAppMeasurement (= 11.0.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/MethodSwizzler (~> 8.0) - GoogleUtilities/Network (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - nanopb (~> 3.30910.0) - FirebaseAppCheckInterop (11.2.0) - FirebaseAuth (11.0.0): - FirebaseAppCheckInterop (~> 11.0) - FirebaseAuthInterop (~> 11.0) - FirebaseCore (~> 11.0) - FirebaseCoreExtension (~> 11.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/Environment (~> 8.0) - GTMSessionFetcher/Core (~> 3.4) - RecaptchaInterop (~> 100.0) - FirebaseAuthInterop (11.2.0) - FirebaseCore (11.0.0): - FirebaseCoreInternal (~> 11.0) - GoogleUtilities/Environment (~> 8.0) - GoogleUtilities/Logger (~> 8.0) - FirebaseCoreExtension (11.2.0): - FirebaseCore (~> 11.0) - FirebaseCoreInternal (11.2.0): - "GoogleUtilities/NSData+zlib (~> 8.0)" - FirebaseInstallations (11.2.0): - FirebaseCore (~> 11.0) - GoogleUtilities/Environment (~> 8.0) - GoogleUtilities/UserDefaults (~> 8.0) - PromisesObjC (~> 2.4) - FirebaseMessaging (11.0.0): - FirebaseCore (~> 11.0) - FirebaseInstallations (~> 11.0) - GoogleDataTransport (~> 10.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/Environment (~> 8.0) - GoogleUtilities/Reachability (~> 8.0) - GoogleUtilities/UserDefaults (~> 8.0) - nanopb (~> 3.30910.0) - FirebaseRemoteConfig (11.0.0): - FirebaseABTesting (~> 11.0) - FirebaseCore (~> 11.0) - FirebaseInstallations (~> 11.0) - FirebaseRemoteConfigInterop (~> 11.0) - FirebaseSharedSwift (~> 11.0) - GoogleUtilities/Environment (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - FirebaseRemoteConfigInterop (11.2.0) - FirebaseSharedSwift (11.2.0) - flutter_local_notifications (0.0.1): - FlutterMacOS - flutter_timezone (0.1.0): - FlutterMacOS - FlutterMacOS (1.0.0) - google_sign_in_ios (0.0.1): - AppAuth (>= 1.7.4) - Flutter - FlutterMacOS - GoogleSignIn (~> 7.1) - GTMSessionFetcher (>= 3.4.0) - GoogleAppMeasurement (11.0.0): - GoogleAppMeasurement/AdIdSupport (= 11.0.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/MethodSwizzler (~> 8.0) - GoogleUtilities/Network (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - nanopb (~> 3.30910.0) - GoogleAppMeasurement/AdIdSupport (11.0.0): - GoogleAppMeasurement/WithoutAdIdSupport (= 11.0.0) - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/MethodSwizzler (~> 8.0) - GoogleUtilities/Network (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - nanopb (~> 3.30910.0) - GoogleAppMeasurement/WithoutAdIdSupport (11.0.0): - GoogleUtilities/AppDelegateSwizzler (~> 8.0) - GoogleUtilities/MethodSwizzler (~> 8.0) - GoogleUtilities/Network (~> 8.0) - "GoogleUtilities/NSData+zlib (~> 8.0)" - nanopb (~> 3.30910.0) - GoogleDataTransport (10.1.0): - nanopb (~> 3.30910.0) - PromisesObjC (~> 2.4) - GoogleSignIn (7.1.0): - AppAuth (< 2.0, >= 1.7.3) - GTMAppAuth (< 5.0, >= 4.1.1) - GTMSessionFetcher/Core (~> 3.3) - GoogleUtilities/AppDelegateSwizzler (8.0.2): - GoogleUtilities/Environment - GoogleUtilities/Logger - GoogleUtilities/Network - GoogleUtilities/Privacy - GoogleUtilities/Environment (8.0.2): - GoogleUtilities/Privacy - GoogleUtilities/Logger (8.0.2): - GoogleUtilities/Environment - GoogleUtilities/Privacy - GoogleUtilities/MethodSwizzler (8.0.2): - GoogleUtilities/Logger - GoogleUtilities/Privacy - GoogleUtilities/Network (8.0.2): - GoogleUtilities/Logger - "GoogleUtilities/NSData+zlib" - GoogleUtilities/Privacy - GoogleUtilities/Reachability - "GoogleUtilities/NSData+zlib (8.0.2)": - GoogleUtilities/Privacy - GoogleUtilities/Privacy (8.0.2) - GoogleUtilities/Reachability (8.0.2): - GoogleUtilities/Logger - GoogleUtilities/Privacy - GoogleUtilities/UserDefaults (8.0.2): - GoogleUtilities/Logger - GoogleUtilities/Privacy - GTMAppAuth (4.1.1): - AppAuth/Core (~> 1.7) - GTMSessionFetcher/Core (< 4.0, >= 3.3) - GTMSessionFetcher (3.5.0): - GTMSessionFetcher/Full (= 3.5.0) - GTMSessionFetcher/Core (3.5.0) - GTMSessionFetcher/Full (3.5.0): - GTMSessionFetcher/Core - in_app_review (0.2.0): - FlutterMacOS - irondash_engine_context (0.0.1): - FlutterMacOS - nanopb (3.30910.0): - nanopb/decode (= 3.30910.0) - nanopb/encode (= 3.30910.0) - nanopb/decode (3.30910.0) - nanopb/encode (3.30910.0) - package_info_plus (0.0.1): - FlutterMacOS - path_provider_foundation (0.0.1): - Flutter - FlutterMacOS - PromisesObjC (2.4.0) - purchases_flutter (8.1.1): - FlutterMacOS - PurchasesHybridCommon (= 13.2.0) - PurchasesHybridCommon (13.2.0): - RevenueCat (= 5.3.1) - record_darwin (1.0.0): - Flutter - FlutterMacOS - RevenueCat (5.3.1) - rive_common (0.0.1): - FlutterMacOS - Sentry/HybridSDK (8.36.0) - sentry_flutter (8.9.0): - Flutter - FlutterMacOS - Sentry/HybridSDK (= 8.36.0) - shared_preferences_foundation (0.0.1): - Flutter - FlutterMacOS - sign_in_with_apple (0.0.1): - FlutterMacOS - Sparkle (2.6.4) - sqflite (0.0.3): - Flutter - FlutterMacOS - "sqlite3 (3.46.1+1)": - "sqlite3/common (= 3.46.1+1)" - "sqlite3/common (3.46.1+1)" - "sqlite3/dbstatvtab (3.46.1+1)": - sqlite3/common - "sqlite3/fts5 (3.46.1+1)": - sqlite3/common - "sqlite3/perf-threadsafe (3.46.1+1)": - sqlite3/common - "sqlite3/rtree (3.46.1+1)": - sqlite3/common - sqlite3_flutter_libs (0.0.1): - FlutterMacOS - "sqlite3 (~> 3.46.0+1)" - sqlite3/dbstatvtab - sqlite3/fts5 - sqlite3/perf-threadsafe - sqlite3/rtree - super_audio_macos (0.1.0): - FlutterMacOS - super_native_extensions (0.0.1): - FlutterMacOS - url_launcher_macos (0.0.1): - FlutterMacOS DEPENDENCIES: - app_links (from `Flutter/ephemeral/.symlinks/plugins/app_links/macos`) - audioplayers_darwin (from `Flutter/ephemeral/.symlinks/plugins/audioplayers_darwin/macos`) - cupertino_http (from `Flutter/ephemeral/.symlinks/plugins/cupertino_http/macos`) - device_info_plus (from `Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos`) - emoji_picker_flutter (from `Flutter/ephemeral/.symlinks/plugins/emoji_picker_flutter/macos`) - file_selector_macos (from `Flutter/ephemeral/.symlinks/plugins/file_selector_macos/macos`) - firebase_analytics (from `Flutter/ephemeral/.symlinks/plugins/firebase_analytics/macos`) - firebase_auth (from `Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos`) - firebase_core (from `Flutter/ephemeral/.symlinks/plugins/firebase_core/macos`) - firebase_messaging (from `Flutter/ephemeral/.symlinks/plugins/firebase_messaging/macos`) - firebase_remote_config (from `Flutter/ephemeral/.symlinks/plugins/firebase_remote_config/macos`) - flutter_local_notifications (from `Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos`) - flutter_timezone (from `Flutter/ephemeral/.symlinks/plugins/flutter_timezone/macos`) - FlutterMacOS (from `Flutter/ephemeral`) - google_sign_in_ios (from `Flutter/ephemeral/.symlinks/plugins/google_sign_in_ios/darwin`) - in_app_review (from `Flutter/ephemeral/.symlinks/plugins/in_app_review/macos`) - irondash_engine_context (from `Flutter/ephemeral/.symlinks/plugins/irondash_engine_context/macos`) - package_info_plus (from `Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos`) - path_provider_foundation (from `Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/darwin`) - purchases_flutter (from `Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos`) - record_darwin (from `Flutter/ephemeral/.symlinks/plugins/record_darwin/macos`) - rive_common (from `Flutter/ephemeral/.symlinks/plugins/rive_common/macos`) - sentry_flutter (from `Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos`) - shared_preferences_foundation (from `Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/darwin`) - sign_in_with_apple (from `Flutter/ephemeral/.symlinks/plugins/sign_in_with_apple/macos`) - Sparkle - sqflite (from `Flutter/ephemeral/.symlinks/plugins/sqflite/darwin`) - sqlite3 - sqlite3_flutter_libs (from `Flutter/ephemeral/.symlinks/plugins/sqlite3_flutter_libs/macos`) - super_audio_macos (from `Flutter/ephemeral/.symlinks/plugins/super_audio_macos/macos`) - super_native_extensions (from `Flutter/ephemeral/.symlinks/plugins/super_native_extensions/macos`) - url_launcher_macos (from `Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos`) SPEC REPOS: trunk: - AppAuth - Firebase - FirebaseABTesting - FirebaseAnalytics - FirebaseAppCheckInterop - FirebaseAuth - FirebaseAuthInterop - FirebaseCore - FirebaseCoreExtension - FirebaseCoreInternal - FirebaseInstallations - FirebaseMessaging - FirebaseRemoteConfig - FirebaseRemoteConfigInterop - FirebaseSharedSwift - GoogleAppMeasurement - GoogleDataTransport - GoogleSignIn - GoogleUtilities - GTMAppAuth - GTMSessionFetcher - nanopb - PromisesObjC - PurchasesHybridCommon - RevenueCat - Sentry - Sparkle - sqlite3 EXTERNAL SOURCES: app_links: :path: Flutter/ephemeral/.symlinks/plugins/app_links/macos audioplayers_darwin: :path: Flutter/ephemeral/.symlinks/plugins/audioplayers_darwin/macos cupertino_http: :path: Flutter/ephemeral/.symlinks/plugins/cupertino_http/macos device_info_plus: :path: Flutter/ephemeral/.symlinks/plugins/device_info_plus/macos emoji_picker_flutter: :path: Flutter/ephemeral/.symlinks/plugins/emoji_picker_flutter/macos file_selector_macos: :path: Flutter/ephemeral/.symlinks/plugins/file_selector_macos/macos firebase_analytics: :path: Flutter/ephemeral/.symlinks/plugins/firebase_analytics/macos firebase_auth: :path: Flutter/ephemeral/.symlinks/plugins/firebase_auth/macos firebase_core: :path: Flutter/ephemeral/.symlinks/plugins/firebase_core/macos firebase_messaging: :path: Flutter/ephemeral/.symlinks/plugins/firebase_messaging/macos firebase_remote_config: :path: Flutter/ephemeral/.symlinks/plugins/firebase_remote_config/macos flutter_local_notifications: :path: Flutter/ephemeral/.symlinks/plugins/flutter_local_notifications/macos flutter_timezone: :path: Flutter/ephemeral/.symlinks/plugins/flutter_timezone/macos FlutterMacOS: :path: Flutter/ephemeral google_sign_in_ios: :path: Flutter/ephemeral/.symlinks/plugins/google_sign_in_ios/darwin in_app_review: :path: Flutter/ephemeral/.symlinks/plugins/in_app_review/macos irondash_engine_context: :path: Flutter/ephemeral/.symlinks/plugins/irondash_engine_context/macos package_info_plus: :path: Flutter/ephemeral/.symlinks/plugins/package_info_plus/macos path_provider_foundation: :path: Flutter/ephemeral/.symlinks/plugins/path_provider_foundation/darwin purchases_flutter: :path: Flutter/ephemeral/.symlinks/plugins/purchases_flutter/macos record_darwin: :path: Flutter/ephemeral/.symlinks/plugins/record_darwin/macos rive_common: :path: Flutter/ephemeral/.symlinks/plugins/rive_common/macos sentry_flutter: :path: Flutter/ephemeral/.symlinks/plugins/sentry_flutter/macos shared_preferences_foundation: :path: Flutter/ephemeral/.symlinks/plugins/shared_preferences_foundation/darwin sign_in_with_apple: :path: Flutter/ephemeral/.symlinks/plugins/sign_in_with_apple/macos sqflite: :path: Flutter/ephemeral/.symlinks/plugins/sqflite/darwin sqlite3_flutter_libs: :path: Flutter/ephemeral/.symlinks/plugins/sqlite3_flutter_libs/macos super_audio_macos: :path: Flutter/ephemeral/.symlinks/plugins/super_audio_macos/macos super_native_extensions: :path: Flutter/ephemeral/.symlinks/plugins/super_native_extensions/macos url_launcher_macos: :path: Flutter/ephemeral/.symlinks/plugins/url_launcher_macos/macos SPEC CHECKSUMS: app_links: 10e0a0ab602ffaf34d142cd4862f29d34b303b2a AppAuth: 501c04eda8a8d11f179dbe8637b7a91bb7e5d2fa audioplayers_darwin: dcad41de4fbd0099cb3749f7ab3b0cb8f70b810c cupertino_http: 1d506209e339211efa0764caa7b2de4bc55b6818 device_info_plus: ce1b7762849d3ec103d0e0517299f2db7ad60720 emoji_picker_flutter: 533634326b1c5de9a181ba14b9758e6dfe967a20 file_selector_macos: 54fdab7caa3ac3fc43c9fac4d7d8d231277f8cf2 Firebase: 9f574c08c2396885b5e7e100ed4293d956218af9 firebase_analytics: 2169e28bb3ee1f765efe0fd4f5b5f625d92fda13 firebase_auth: 64a63f92c1b46ad6c11d5384ca2c9f94d7106647 firebase_core: 3f80bec72646b26618f0497e74ce8bcd608f03ca firebase_messaging: ce70e6615f0cd906d80b7a651b960d76dad6de56 firebase_remote_config: 40f016ccd269ace2fe50d67ab51d872c79937b9b FirebaseABTesting: 2104d957ce33888a3d6f3bde298cdee376dde8f1 FirebaseAnalytics: 27eb78b97880ea4a004839b9bac0b58880f5a92a FirebaseAppCheckInterop: ea21450529cf0ebd132788dd8916a0269abc684f FirebaseAuth: d5cf28be74d7e82257f6a3f717509eff70d3cf4a FirebaseAuthInterop: 47c09558af5d1b31f16fb352387c72d4804f4a24 FirebaseCore: 3cf438f431f18c12cdf2aaf64434648b63f7e383 FirebaseCoreExtension: cda74ddfb001224bd8fd1d6e74698b4ed07803de FirebaseCoreInternal: 0c569513412da9f3b31bd0b340013bbee8f295c5 FirebaseInstallations: 771177d89d6c451dc6e50085ec82e2fc77ed0a4a FirebaseMessaging: d2d1d9c62c46dd2db49a952f7deb5b16ad2c9742 FirebaseRemoteConfig: fe8b7e6d6770fefbde27b0cac3f3deffba6e7326 FirebaseRemoteConfigInterop: 477b26fdeb8fb5fbaf22fa9db5343b42289dc7db FirebaseSharedSwift: 7a0d78d155ede78407f0fdc89fbc914014c7c540 flutter_local_notifications: 3805ca215b2fb7f397d78b66db91f6a747af52e4 flutter_timezone: 6b906d1740654acb16e50b639835628fea851037 FlutterMacOS: 8f6f14fa908a6fb3fba0cd85dbd81ec4b251fb24 google_sign_in_ios: 07375bfbf2620bc93a602c0e27160d6afc6ead38 GoogleAppMeasurement: 6e49ffac7d3f2c3ded9cc663f912a13b67bbd0de GoogleDataTransport: aae35b7ea0c09004c3797d53c8c41f66f219d6a7 GoogleSignIn: d4281ab6cf21542b1cfaff85c191f230b399d2db GoogleUtilities: 26a3abef001b6533cf678d3eb38fd3f614b7872d GTMAppAuth: f69bd07d68cd3b766125f7e072c45d7340dea0de GTMSessionFetcher: 5aea5ba6bd522a239e236100971f10cb71b96ab6 in_app_review: a850789fad746e89bce03d4aeee8078b45a53fd0 irondash_engine_context: da62996ee25616d2f01bbeb85dc115d813359478 nanopb: fad817b59e0457d11a5dfbde799381cd727c1275 package_info_plus: fa739dd842b393193c5ca93c26798dff6e3d0e0c path_provider_foundation: 2b6b4c569c0fb62ec74538f866245ac84301af46 PromisesObjC: f5707f49cb48b9636751c5b2e7d227e43fba9f47 purchases_flutter: 311989c823552e3f81e9b8767d4a326a50a8794b PurchasesHybridCommon: 20acf98303a9593f5d56b449459dcf16ea581a99 record_darwin: df0a677188e5fed18472550298e675f19ddaffbe RevenueCat: b2d2555cbb1f4116d341af4c5f82269c8e4e499a rive_common: cf5ab646aa576b2d742d0e2d528126fbf032c856 Sentry: f8374b5415bc38dfb5645941b3ae31230fbeae57 sentry_flutter: 0eb93e5279eb41e2392212afe1ccd2fecb4f8cbe shared_preferences_foundation: fcdcbc04712aee1108ac7fda236f363274528f78 sign_in_with_apple: a9e97e744e8edc36aefc2723111f652102a7a727 Sparkle: 5f8960a7a119aa7d45dacc0d5837017170bc5675 sqflite: 673a0e54cc04b7d6dba8d24fb8095b31c3a99eec sqlite3: 0bb0e6389d824e40296f531b858a2a0b71c0d2fb sqlite3_flutter_libs: 5ca46c1a04eddfbeeb5b16566164aa7ad1616e7b super_audio_macos: 7870a4d174219d7bc1cb4087dda83a4079936d2c super_native_extensions: 85efee3a7495b46b04befcfc86ed12069264ebf3 url_launcher_macos: 5f437abeda8c85500ceb03f5c1938a8c5a705399 PODFILE CHECKSUM: 94c9d80cd142b5dc81af94830113895e6e7be908 COCOAPODS: 1.15.2 ```
google-oss-bot commented 1 day ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

ncooke3 commented 10 hours ago

Thanks for the report, @knopp and apologies for the trouble. I took a look back and it looks like there are a few things going on here. In short, it was a mistake that the kSecUseDataProtectionKeychain flag was not being set in 10.29.0, and based on past reported behavior, attempting migration was believed to be more disruptive that a one-time need to re-auth.

This flag was added to this code in 10.05 to fix an issue where accessing the keychain on macOS would show pop-ups. The #ifndef was not correctly configured in the podspec causing the change to not work as intended for the CocoaPods distribution.

10.05 release notes: https://firebase.google.com/support/release-notes/ios#version_1050_-_february_7_2023

Apple recommends setting the kSecUseDataProtectionKeychain for all platforms. And doing so requires enabling the keychain groups capability on macOS. The issue with attempting a migration from non-kSecUseDataProtectionKeychain to using kSecUseDataProtectionKeychain was that a migration would trigger the popups when using the non-kSecUseDataProtectionKeychain query. This was why migration was avoided and also meant that a one-time cost of needing to re-auth was needed.

Here is the discussion for the original issue #10582 that prompted adding this flag to this code.