To share authentication states across multiple apps or extensions on Apple platforms, store the authentication state in a shared keychain using Keychain Services and configure your apps to use the shared keychain.
This allows users to:
- Sign in once and be signed in across all apps that belong to the same access group.
- Sign out once and be signed out across all apps that belong to the same access group.
Share auth state between apps
To share auth state between apps:
-
Set up an access group for your apps.
You can use either a keychain access group or an app group. See Sharing Access to Keychain Items Among a Collection of Apps for details.
To set up a keychain access group, do the following for each app:
- In Xcode, go to Project settings > Capabilities.
- Enable Keychain Sharing.
- Add a keychain group identifier. Use the same identifier for all of the apps you want to share state.
-
In each app, set the access group to the keychain access group or app group you created in the previous step.
Swift
do { try Auth . auth (). useUserAccessGroup ( "TEAMID.com.example.group1" ) } catch let error as NSError { print ( "Error changing user access group: %@" , error ) }Objective-C
[ FIRAuth . auth useUserAccessGroup : @ "TEAMID.com.example.group1" error : nil ]; -
In at least one app, sign in a user with any sign in method.
Swift
Auth . auth (). signInAnonymously { result , error in // User signed in }Objective-C
[ FIRAuth signInAnonymouslyWithCompletion :^ ( FIRAuthDataResult * _Nullable result , NSError * _Nullable error ) { // User signed in }];The same current user is available in all apps in the access group.
Swift
var user = Auth . auth (). currentUserObjective-C
FIRUser * user = FIRAuth . auth . currentUser ;
Switch back to an unshared keychain
-
Set the access group to
nilto stop sharing auth state.Swift
do { try Auth . auth (). useUserAccessGroup ( nil ) } catch let error as NSError { print ( "Error changing user access group: %@" , error ) }Objective-C
[ FIRAuth . auth useUserAccessGroup : nil error : nil ]; -
Sign in a user with any sign in method. The user state will not be available to any other apps.
Swift
Auth . auth (). signInAnonymously { result , error in // User signed in }Objective-C
[ FIRAuth signInAnonymouslyWithCompletion :^ ( FIRAuthDataResult * _Nullable result , NSError * _Nullable error ) { // User signed in }];
Migrate a signed-in user to a shared keychain
To migrate a user who's already signed in to a shared state:
-
Make a reference to the current user for future use.
Swift
var user = Auth . auth (). currentUserObjective-C
FIRUser * user = FIRAuth . auth . currentUser ; -
(Optional) Check the auth state of the access group you want to share.
Swift
let accessGroup = "TEAMID.com.example.group1" var tempUser : User ? do { try tempUser = Auth . auth (). getStoredUser ( forAccessGroup : accessGroup ) } catch let error as NSError { print ( "Error getting stored user: %@" , error ) } if tempUser != nil { // A user exists in the access group } else { // No user exists in the access group }Objective-C
NSString * accessGroup = @ "TEAMID.com.example.group1" ; FIRUser * tempUser = [ FIRAuth getStoredUserForAccessGroup : accessGroup error : nil ]; if ( tempUser ) { // A user exists in the access group } else { // No user exists in the access group } -
Use an access group that you previously set in the project settings.
Swift
do { try Auth . auth (). useUserAccessGroup ( accessGroup ) } catch let error as NSError { print ( "Error changing user access group: %@" , error ) }Objective-C
[ FIRAuth . auth useUserAccessGroup : accessGroup error : nil ]; -
Update the current user.
Swift
Auth . auth (). updateCurrentUser ( user !) { error in // Error handling }Objective-C
[ FIRAuth . auth updateCurrentUser : user completion :^ ( NSError * _Nullable error ) { // Error handling }]; -
The user now can be accessed by other apps that have access to the same access group.
