Open WillBishop opened 2 years ago
Any update on this? Is this even theoretically possible or not?
Hey Will, sorry for the slow response. As far as I know this should be possible, but we haven't gotten around to evaluating/scheduling this work.
Ah ok no worries. I only ask because I have 1000s of active users, and forcing them all to log in again is not ideal.
I am also interested in this since we have around 100k+ active users, and the worst part is they are mostly anonymous.
Hey @morganchen12 and @rosalyntan is there any update on this? My app has grown to over 20k users and I can't make them all log in again, but switching the keychain would be awesome
I have made a quick fix. It seems to work, but I think it will cause some problems when users try to logout, since the logout will happen on the shared keychain, and a user will still be logged in in the private keychain.
Right after initializing the library, add this code.
let tmpUser = Auth.auth().currentUser
Auth.auth().shareAuthStateAcrossDevices = true
do {
try Auth.auth().useUserAccessGroup("XXX.my.app.id")
} catch let error as NSError {
print("Error changing user access group: %@", error)
}
if let oldUser = tmpUser {
if Auth.auth().currentUser?.uid ?? "" != oldUser.uid {
// this happens when we migrate from unshared keychain to a shared keychain
Auth.auth().updateCurrentUser(oldUser)
}
}
I believe I've tried very similar code and it didn't survive after an app reboot
The 'fix' for #10582 forces our users to log out because a new key is created. I'm hoping that we can find a fix/mitigation similar to this request that will let us upgrade to Firebase 10.5.0+ without logging our users out.
EDIT: A coworker found #10979. Looks like they tried to fix the log out issue in Firebase but couldn't. I am going to experiment with something similar to the workaround Marius shared.
cc: @ncooke3
Feature proposal
Currently migrating to a shared Keychain means clearing the current user. For an app in production with thousands of MAU, signing out all of those users to migrate their keychain.
Would it be possible to move the login tokens from a non-shared keychain to a shared keychain, as it seems possible to move in the other direction.