SP: Firebase not check SIGN WITH APPLE current status at launch time

[jesus-mg-ios]

[REQUIRED] Step 1: Describe your environment

• Xcode version: 13.3.1
• Firebase SDK version: 9.2.0
• Installation method: Swift Package Manager
• Firebase Component: Auth
• Target platform(s): iOS

[REQUIRED] Step 2: Describe the problem

SIGN WITH APPLE

We notice that firebase not check the current token. I mean in this flow the user still be logged in:

• User logged in with firebase apple sign in.
• Go to settings, remove the login with apple
• Back to app, the user is still being login.

Steps to reproduce:

• User logged in with firebase apple sign in.
• Go to settings, remove the login with apple
• Back to app, the user is still being login.

Relevant Code:

We double check the firebase documentation and there's nothing related to it. Apple says that you should check the status at launch time.

https://developer.apple.com/app-store/review/guidelines/#sign-in-with-apple

Thanks in advance

[rizafran]

Thanks for reporting, @jesus-mg-ios. It looks like your issue is related to #9906.

[jesus-mg-ios]

@rizafran, thanks for your response. I think that is not related to this issue, because it is about account deletion and this issue is about remove Sign In with Apple from settings

[peterfriese]

Hi @jesus-mg-ios - that's right, you need to monitor the authorisation state yourself. This is because the user might be authenticated using more than just one provider (e.g. Sign in with Apple, and Email/Link or Email/Password), and it is up to the app developer to decide when to sign them out.

To monitor auth state, here are two snippets you might find useful:

Monitor authentication state while the app is running:

someSwiftUIView
  .onReceive(NotificationCenter.default.publisher(for: ASAuthorizationAppleIDProvider.credentialRevokedNotification)) { event in
    do {
      try Auth.auth().signOut()
    }
    catch {
      print(error)
    }
  }
}

Check User Credentials at Launch

Call this from your app entry point:

  func verifySignInWithAppleAuthenticationState() {
    let appleIDProvider = ASAuthorizationAppleIDProvider()
    let providerData = Auth.auth().currentUser?.providerData
    if let appleProviderData = providerData?.first(where: { $0.providerID == "apple.com" }) {
      Task {
        do {
          let credentialState = try await appleIDProvider.credentialState(forUserID: appleProviderData.uid)
          switch credentialState {
          case .authorized:
            break // The Apple ID credential is valid.
          case .revoked, .notFound:
            // The Apple ID credential is either revoked or was not found, so show the sign-in UI.
            self.signOut()
          default:
            break
          }
        }
        catch {
        }
      }
    }
  }

[jesus-mg-ios]

Would be great, if Firebase would provide a method with your snippet under the hood. @peterfriese

[jesus-mg-ios]

@ncooke3 is there any plan to provide a firebase method to automatically or opt-in check this without all teams using this kinda sign-in sign-up copy and pasting the snippet provided by @peterfriese?