Implemented Auth::UseUserAccessGroup for C++ SDK

google-labs-jules[bot] · google-labs-jules[bot] · commit 032f12eae5bb · 2025-06-26T23:45:58.000Z
This commit introduces the UseUserAccessGroup method to the Firebase C++ Auth SDK.

- On iOS, this method calls the underlying [FIRAuth useUserAccessGroup:error:] Objective-C method to set the user access group for keychain operations.
- On Android and desktop platforms, this method is a no-op and returns kAuthErrorNone, as the functionality is specific to iOS keychain services.
diff --git a/auth/src/android/auth_android.cc b/auth/src/android/auth_android.cc
@@ -676,5 +676,10 @@ void DisableTokenAutoRefresh(AuthData* auth_data) {}
 void InitializeTokenRefresher(AuthData* auth_data) {}
 void DestroyTokenRefresher(AuthData* auth_data) {}
 
+AuthError Auth::UseUserAccessGroup(const char* user_access_group) {
+  // This is an iOS-only feature. No-op on Android.
+  return kAuthErrorNone;
+}
+
 }  // namespace auth
 }  // namespace firebase
diff --git a/auth/src/desktop/auth_desktop.cc b/auth/src/desktop/auth_desktop.cc
@@ -768,5 +768,10 @@ void IdTokenRefreshThread::DisableAuthRefresh() {
   ref_count_--;
 }
 
+AuthError Auth::UseUserAccessGroup(const char* user_access_group) {
+  // This is an iOS-only feature. No-op on desktop.
+  return kAuthErrorNone;
+}
+
 }  // namespace auth
 }  // namespace firebase
diff --git a/auth/src/include/firebase/auth.h b/auth/src/include/firebase/auth.h
@@ -517,6 +517,20 @@ class Auth {
   /// not available on the current device.
   static Auth* GetAuth(App* app, InitResult* init_result_out = nullptr);
 
+  /// @brief Sets the user access group to use for keychain operations.
+  ///
+  /// @param[in] user_access_group The user access group ID. For an app to share
+  /// keychain items with other apps, it must be a member of an access group.
+  /// For more information, see
+  /// https://developer.apple.com/documentation/security/keychain_services/keychain_items/sharing_access_to_keychain_items_among_a_collection_of_apps
+  ///
+  /// @return Returns `kAuthErrorNone` on success, or an error code if the
+  /// operation failed.
+  ///
+  /// @note This method is only applicable to iOS. On other platforms, it is a
+  /// stub and will always return `kAuthErrorNone`.
+  AuthError UseUserAccessGroup(const char* user_access_group);
+
  private:
   /// @cond FIREBASE_APP_INTERNAL
   friend class ::firebase::App;
diff --git a/auth/src/ios/auth_ios.mm b/auth/src/ios/auth_ios.mm
@@ -608,5 +608,16 @@ void DisableTokenAutoRefresh(AuthData *auth_data) {}
 void InitializeTokenRefresher(AuthData *auth_data) {}
 void DestroyTokenRefresher(AuthData *auth_data) {}
 
+AuthError Auth::UseUserAccessGroup(const char* user_access_group) {
+  if (!auth_data_) {
+    return kAuthErrorUninitialized;
+  }
+  NSString* ns_user_access_group =
+      user_access_group ? [NSString stringWithUTF8String:user_access_group] : nil;
+  NSError* error = nil;
+  [AuthImpl(auth_data_) useUserAccessGroup:ns_user_access_group error:&error];
+  return AuthErrorFromNSError(error);
+}
+
 }  // namespace auth
 }  // namespace firebase
