[App Check] Implement FirebaseAppCheck as a shim of AppCheckCore #12067
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Extracted the non-Firebase-specific implementation details out of FIRAppCheckSettings into GACAppCheckSettings. Added a GACAppCheckTokenAutoRefreshPolicy enum to represent the tri-state (nil/YES/NO) of auto token refresh enablement in GACAppCheckSettings.
- Renamed FIR-prefixed symbols to GAC in unit tests for the generic (non-Firebase-specific) App Check SDK. - Removed SharedTestUtilities/AppCheck* directories from the unit_tests spec sources (imports already changed to AppCheck/Tests/Utils/AppCheck*).
Added logging macros as drop-in replacements for the GAC/FIRAppCheckLogger macros. These are simple wrappers around NSLog and are not compiled out based on the desired logging level.
Removed Firebase-specific implementation details (Google App ID and Firebase App Name) from GACAppCheckStorage.
Removed the direct dependency on FIRHeartbeatLoggerProtocol from GACAppCheckAPIService, moving it up into the App Check providers. Added request hooks (blocks) to allow heartbeat logging headers to be added to requests before they are sent.
Publicly exposed the initWithApp:appCheckProvider: constructor in GACAppCheck for the non-Firebase-specific App Check SDK. Since an AppCheckProvider is explicitly specified when constructing this generic App Check SDK, the AppCheckProviderFactory protocol / pattern / functionality is no longer used. Added a podspec for AppCheckInterop and added it as a dependency in the existing AppCheck podspec. This is a lightweight, protocol-only, dependency that non-Firebase SDKs can make use of.
Removed the GACAppCheckProviderFactory protocol, and classes conforming to it, since they are no longer used in the non-Firebase-specific App Check SDK.
Removed the Firebase-specific identifiers `projectID` and `appID` from `GACAppAttestAPIService` in favour of a generic `resourceName`.
Removed the Firebase-specific identifiers `appName` and `appID` from `GACAppAttestKeyIDStorage`, replacing them with a generic `keySuffix`.
…11324) - Removed the unused `appID` property from `GACAppCheckAPIService`. - Removed heartbeat logging tests from `GACAppCheckAPIServiceTests`. - Added request hook, additional headers and API key tests to `GACAppCheckAPIServiceTests`.
Removed the Firebase-specific references `appName` and `appID` from `GACAppAttestArtifactStorage`. They have been moved up one layer into `GACAppAttestProvider`.
Removed Firebase-specific dependencies, specifically `FIRApp`, from `GACAppAttestProvider`.
Removed Firebase-specific symbols and implementation details from the generic App Check Debug Provider (GACAppCheckDebugProvider).
Removed Firebase-specific symbols and implementation details from the generic Device Check Provider (GACDeviceCheckProvider).
Added a workflow (GitHub Action) for the non-Firebase-specific App Check SDK.
Removed Firebase-specific symbols and implementation details from the generic GACAppCheck.
The constants in `GACAppCheckLogger` conflict with those in `FIRAppCheckLogger`.
Removed the headers in `AppCheck/Interop` from the App Check SDK `source_files`.
The `GACAppCheckSettings` settings class has been migrated into the App Check SDK and is no longer needed in the Firebase App Check SDK.
…im (#11410) Re-implemented `FIRAppCheckDebugProvider` as a shim around the non-Firebase-specific `GACAppCheckDebugProvider`.
Re-implemented `FIRAppAttestProvider` as a shim around the non-Firebase-specific `GACAppAttestProvider`.
…11434) Re-implemented `FIRDeviceCheckProvider` as a shim around the non-Firebase-specific `GACDeviceCheckProvider`.
…s` (#11460) Most of the `GAC`/`FIRAppCheckSettings` class is Firebase-specific (e.g., `NSUserDefaults` and `Info.plist` keys, `isDataCollectionDefaultEnabled` on `FIRApp`). This functionality has been moved back to `FIRAppCheckSettings`, leaving `GACAppCheckSettingsProtocol` in the generic App Check SDK.
- Removed the `tokenForcingRefresh:completion:` and `limitedUseTokenWithCompletion:` methods from `GACAppCheck` (`getTokenForcingRefresh:completion:` and `getLimitedUseTokenWithCompletion:` from `GACAppCheckInterop` remain). - The `GACAppCheckInterop` method completion handlers now return a `GACAppCheckTokenInterop` or `NSError` instead of a `GACAppCheckTokenResultInterop` (which held either a valid token on success or a dummy token + error on failure). - Removed `GACAppCheckFake` and `GACAppCheckTokenResultFake` from the SDK since these classes were unused. These changes have been done to minimize the `GACAppCheck` API surface while still allowing the `FIRAppCheck` shim to be built.
…1524) Replaced token refresh notifications via `NSNotificationCenter` with `GACAppCheckTokenDelegate` in the internal App Check SDK. Firebase App Check (shim SDK) can continue to support the existing `NSNotification`s by providing a `GACAppCheckTokenDelegate` that posts notifications in its `tokenDidUpdate:instanceName:` method.
Copied `FIRDateTestUtils` (as `GACDateTestUtils`) and `FIRURLSessionOCMockStub` (as `GACURLSessionOCMockStub`) from the `SharedTestUtilities` directory in the root of the repo into `AppCheck/Tests/Utils/...`. The `SharedTestUtilities` directory won't be available when `AppCheck` is moved into a separate repo.
Added a dependency on the `FirebaseCoreExtension` pod in `AppCheck` since the local paths to `FirebaseCore/Extension/...` will not be accessible when App Check Lite is moved into a separate repo.
Made the tokenDelegate parameter nullable in the constructor for GACAppCheck since the feature is not used by all integrators. E.g., it is not needed if token refresh isn't used -- 'tokenDidUpdate:instanceName:' would never get called. - Added parameter documentation to the 'initWithInstanceName:appCheckProvider:settings:tokenDelegate:resourceName:keychainAccessGroup' constructor in GACAppCheck. - Renamed the umbrella header from AppCheck.h to AppCheckCore.h to match the framework name.
Added a class GACAppCheckSettings that conforms to GACAppCheckSettingsProtocol and implemented FIRAppCheckSettings as a subclass of it.
The ObjC Protocol-only interop SDK is not needed by our integrators.
…11599) For consistency, renamed both instanceName and storageID to serviceName for consistency. In all cases, the serviceName is an identifier that differentiates multiple GACAppCheck instances such as when there are multiple FIRApps in use, or multiple dependent SDKs (e.g., Firebase and Google Sign-In). This unique identifier ensures their state is not shared in the Keychain or in User Defaults.
Apple API Diff ReportCommit: 65b22b3 FirebaseAppCheckProtocolsFIRAppCheckProvider[ADDED] -getLimitedUseTokenWithCompletion:Swift:
+ optional func getLimitedUseToken () async throws -> FIRAppCheckToken
Objective-C:
+ - ( void ) getLimitedUseTokenWithCompletion : ( nonnull void ( ^ )( FIRAppCheckToken * _Nullable , NSError * _Nullable )) handler ; |
paulb777
reviewed
Nov 7, 2023
|
Note: The |
paulb777
approved these changes
Nov 7, 2023
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implemented
FirebaseAppCheckas a shim / wrapper of the newAppCheckCoreSDK.#no-changelog