Enabling cross-app authentication with shared Apple Keychain
Stay organized with collectionsSave and categorize content based on your preferences.
To share authentication states across multiple apps or extensions on Apple platforms, store
the authentication state in a shared keychain usingKeychain Servicesand configure your apps to use the shared keychain.
This allows users to:
Sign in once and be signed in across all apps that belong to the same access
group.
Sign out once and be signed out across all apps that belong to the same access
group.
In at least one app, sign in a user with any sign in method.
Swift
Auth.auth().signInAnonymously{result,errorin// User signed in}
Objective-C
[FIRAuthsignInAnonymouslyWithCompletion:^(FIRAuthDataResult*_Nullableresult,NSError*_Nullableerror){// User signed in}];
The same current user is available in all apps in the access group.
Swift
varuser=Auth.auth().currentUser
Objective-C
FIRUser*user=FIRAuth.auth.currentUser;
Switch back to an unshared keychain
Set the access group tonilto stop sharing auth state.
Swift
do{tryAuth.auth().useUserAccessGroup(nil)}catchleterrorasNSError{print("Error changing user access group: %@",error)}
Objective-C
[FIRAuth.authuseUserAccessGroup:nilerror:nil];
Sign in a user with any sign in method. The user state will not be available
to any other apps.
Swift
Auth.auth().signInAnonymously{result,errorin// User signed in}
Objective-C
[FIRAuthsignInAnonymouslyWithCompletion:^(FIRAuthDataResult*_Nullableresult,NSError*_Nullableerror){// User signed in}];
Migrate a signed-in user to a shared keychain
To migrate a user who's already signed in to a shared state:
Make a reference to the current user for future use.
Swift
varuser=Auth.auth().currentUser
Objective-C
FIRUser*user=FIRAuth.auth.currentUser;
(Optional) Check the auth state of the access group you want to share.
Swift
letaccessGroup="TEAMID.com.example.group1"vartempUser:User?do{trytempUser=Auth.auth().getStoredUser(forAccessGroup:accessGroup)}catchleterrorasNSError{print("Error getting stored user: %@",error)}iftempUser!=nil{// A user exists in the access group}else{// No user exists in the access group}
Objective-C
NSString*accessGroup=@"TEAMID.com.example.group1";FIRUser*tempUser=[FIRAuthgetStoredUserForAccessGroup:accessGrouperror:nil];if(tempUser){// A user exists in the access group}else{// No user exists in the access group}
Use an access group that you previously set in the project settings.
Swift
do{tryAuth.auth().useUserAccessGroup(accessGroup)}catchleterrorasNSError{print("Error changing user access group: %@",error)}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-05 UTC."],[],[],null,["To share authentication states across multiple apps or extensions on Apple platforms, store\nthe authentication state in a shared keychain using [Keychain Services](https://developer.apple.com/documentation/security/keychain_services)\nand configure your apps to use the shared keychain.\n\nThis allows users to:\n\n- Sign in once and be signed in across all apps that belong to the same access group.\n- Sign out once and be signed out across all apps that belong to the same access group.\n\n| **Note:** Shared keychain does not automatically update users across apps in real time. If you make a change to a user in one app, the user must be reloaded in any other shared keychain apps before the changes will be visible.\n\nShare auth state between apps\n\nTo share auth state between apps:\n\n1. Set up an access group for your apps.\n\n You can use either a keychain access group or an app group. See [Sharing Access to Keychain Items Among a Collection of Apps](https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps)\n for details.\n\n To set up a keychain access group, do the following for each app:\n 1. In Xcode, go to **Project settings \\\u003e Capabilities**.\n 2. Enable Keychain Sharing.\n 3. Add a keychain group identifier. Use the same identifier for all of the apps you want to share state.\n2. In each app, set the access group to the keychain access group or app group\n you created in the previous step.\n\n Swift \n\n do {\n try Auth.auth().useUserAccessGroup(\"TEAMID.com.example.group1\")\n } catch let error as NSError {\n print(\"Error changing user access group: %@\", error)\n }\n\n Objective-C \n\n [FIRAuth.auth useUserAccessGroup:@\"TEAMID.com.example.group1\"\n error:nil];\n\n3. In at least one app, sign in a user with any sign in method.\n\n Swift \n\n Auth.auth().signInAnonymously { result, error in\n // User signed in\n }\n\n Objective-C \n\n [FIRAuth signInAnonymouslyWithCompletion:^(FIRAuthDataResult *_Nullable result,\n NSError *_Nullable error) {\n // User signed in\n }];\n\n The same current user is available in all apps in the access group. \n\n Swift \n\n var user = Auth.auth().currentUser\n\n Objective-C \n\n FIRUser *user = FIRAuth.auth.currentUser;\n\nSwitch back to an unshared keychain\n\n1. Set the access group to `nil` to stop sharing auth state.\n\n Swift \n\n do {\n try Auth.auth().useUserAccessGroup(nil)\n } catch let error as NSError {\n print(\"Error changing user access group: %@\", error)\n }\n\n Objective-C \n\n [FIRAuth.auth useUserAccessGroup:nil error:nil];\n\n2. Sign in a user with any sign in method. The user state will not be available\n to any other apps.\n\n Swift \n\n Auth.auth().signInAnonymously { result, error in\n // User signed in\n }\n\n Objective-C \n\n [FIRAuth signInAnonymouslyWithCompletion:^(FIRAuthDataResult *_Nullable result,\n NSError *_Nullable error) {\n // User signed in\n }];\n\nMigrate a signed-in user to a shared keychain\n\nTo migrate a user who's already signed in to a shared state:\n\n1. Make a reference to the current user for future use.\n\n Swift \n\n var user = Auth.auth().currentUser\n\n Objective-C \n\n FIRUser *user = FIRAuth.auth.currentUser;\n\n | **Note:** Switching from non-sharing to a shared keychain results in clearing the signed-in user. Switching from a shared to unshared keychain will not clear the signed-in user, even when no app uses that access group.\n2. (Optional) Check the auth state of the access group you want to share.\n\n Swift \n\n let accessGroup = \"TEAMID.com.example.group1\"\n var tempUser: User?\n do {\n try tempUser = Auth.auth().getStoredUser(forAccessGroup: accessGroup)\n } catch let error as NSError {\n print(\"Error getting stored user: %@\", error)\n }\n if tempUser != nil {\n // A user exists in the access group\n } else {\n // No user exists in the access group\n }\n\n Objective-C \n\n NSString *accessGroup = @\"TEAMID.com.example.group1\";\n FIRUser *tempUser = [FIRAuth getStoredUserForAccessGroup:accessGroup\n error:nil];\n if (tempUser) {\n // A user exists in the access group\n } else {\n // No user exists in the access group\n }\n\n3. Use an access group that you previously set in the project settings.\n\n Swift \n\n do {\n try Auth.auth().useUserAccessGroup(accessGroup)\n } catch let error as NSError {\n print(\"Error changing user access group: %@\", error)\n }\n\n Objective-C \n\n [FIRAuth.auth useUserAccessGroup:accessGroup error:nil];\n\n4. Update the current user.\n\n Swift \n\n Auth.auth().updateCurrentUser(user!) { error in\n // Error handling\n }\n\n Objective-C \n\n [FIRAuth.auth updateCurrentUser:user completion:^(NSError * _Nullable error) {\n // Error handling\n }];\n\n | **Note:** You will receive 2 notifications if you are listening to auth state changes on FIRAuth: first, it is triggered with nil (when switching to a new access group), and then triggered again with user (when `updateCurrentUser` is called). You can ignore these notifications.\n5. The user now can be accessed by other apps that have access to the same access group."]]
