From f4d6df7c715ac21f7e63ec05df82b8ae28949cf8 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Wed, 23 Aug 2023 17:50:02 -0700 Subject: [PATCH 1/3] Update GIDSignIn and AppAttestExample Podfile to handle placeholder app check tokens --- GoogleSignIn/Sources/GIDSignIn.m | 21 ++++++++++++++------- Samples/Swift/AppAttestExample/Podfile | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/GoogleSignIn/Sources/GIDSignIn.m b/GoogleSignIn/Sources/GIDSignIn.m index 67e4cc9e..c81eb377 100644 --- a/GoogleSignIn/Sources/GIDSignIn.m +++ b/GoogleSignIn/Sources/GIDSignIn.m @@ -183,6 +183,8 @@ @implementation GIDSignIn { #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST // The class used to manage presenting the loading screen for fetching app check tokens. GIDTimedLoader *_timedLoader; + // Flag indicating developer's intent to use App Check. + BOOL _configureAppCheckCalled; #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST } @@ -481,6 +483,7 @@ + (GIDSignIn *)sharedInstance { #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST - (void)configureWithCompletion:(nullable void (^)(NSError * _Nullable))completion { @synchronized(self) { + _configureAppCheckCalled = YES; [_appCheck prepareForAppCheckWithCompletion:^(NSError * _Nullable error) { if (completion) { completion(error); @@ -538,6 +541,7 @@ - (instancetype)initWithKeychainStore:(GTMKeychainStore *)keychainStore self = [self initWithKeychainStore:keychainStore]; if (self) { _appCheck = appCheck; + _configureAppCheckCalled = NO; } return self; } @@ -632,15 +636,18 @@ - (void)authenticateInteractivelyWithOptions:(GIDSignInInternalOptions *)options - (void)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options completion: (void (^)(OIDAuthorizationRequest *_Nullable request, NSError *_Nullable error))completion { - BOOL shouldCallCompletion = YES; + BOOL shouldCreateAuthRequest = YES; NSMutableDictionary *additionalParameters = [self additionalParametersFromOptions:options]; #if TARGET_OS_IOS && !TARGET_OS_MACCATALYST if (@available(iOS 14.0, *)) { // Only use `_appCheck` (created via singleton `+[GIDSignIn sharedInstance]` call) if - // `-[GIDAppCheck prepareForAppCheckWithCompletion:]` has been called - if ([_appCheck isPrepared]) { - shouldCallCompletion = NO; + // `GIDAppCheck` has been successfully prepared OR if the developer has attempted to configure. + // If former is false and the latter true, then preparation step failed for some reason; we + // still want to try to pass along the app check token (it just may take longer since the + // pre-warm step failed). + if ([_appCheck isPrepared] || _configureAppCheckCalled) { + shouldCreateAuthRequest = NO; UIViewController *presentingVC = options.presentingViewController; if (!_timedLoader) { _timedLoader = [[GIDTimedLoader alloc] initWithPresentingViewController:presentingVC]; @@ -652,9 +659,9 @@ - (void)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options comp if (token) { additionalParameters[kClientAssertionTypeParameter] = kClientAssertionTypeParameterValue; additionalParameters[kClientAssertionParameter] = token.token; - request = [self authorizationRequestWithOptions:options - additionalParameters:additionalParameters]; } + request = [self authorizationRequestWithOptions:options + additionalParameters:additionalParameters]; if (self->_timedLoader.animationStatus == GIDTimedLoaderAnimationStatusAnimating) { [self->_timedLoader stopTimingWithCompletion:^{ completion(request, error); @@ -666,7 +673,7 @@ - (void)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options comp } } #endif // TARGET_OS_IOS && !TARGET_OS_MACCATALYST - if (shouldCallCompletion) { + if (shouldCreateAuthRequest) { OIDAuthorizationRequest *request = [self authorizationRequestWithOptions:options additionalParameters:additionalParameters]; completion(request, nil); diff --git a/Samples/Swift/AppAttestExample/Podfile b/Samples/Swift/AppAttestExample/Podfile index 2a5c41a5..e9762846 100644 --- a/Samples/Swift/AppAttestExample/Podfile +++ b/Samples/Swift/AppAttestExample/Podfile @@ -5,6 +5,6 @@ project 'AppAttestExample.xcodeproj' use_frameworks! :linkage => :static target 'AppAttestExample' do - pod 'AppCheckCore', :git => 'https://github.com/google/app-check.git', :tag => 'CocoaPods-0.1.0-alpha.1' + pod 'AppCheckCore', :git => 'https://github.com/google/app-check.git', :tag => 'CocoaPods-0.1.0-alpha.4' platform :ios, '14.0' end From 9e6b6ad3c35d28854dc3b3e08f85c5232b430a63 Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Thu, 31 Aug 2023 16:00:13 -0700 Subject: [PATCH 2/3] Remove old token and update sample Podfile --- .../xcshareddata/xcschemes/AppAttestExample.xcscheme | 7 ------- Samples/Swift/AppAttestExample/Podfile | 5 ++++- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme index 43e79198..f2c125f8 100644 --- a/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme +++ b/Samples/Swift/AppAttestExample/AppAttestExample.xcodeproj/xcshareddata/xcschemes/AppAttestExample.xcscheme @@ -49,13 +49,6 @@ ReferencedContainer = "container:AppAttestExample.xcodeproj"> - - - - '../../../', :testspecs => ['unit'] pod 'GoogleSignInSwiftSupport', :path => '../../../', :testspecs => ['unit'] project 'AppAttestExample.xcodeproj' @@ -5,6 +8,6 @@ project 'AppAttestExample.xcodeproj' use_frameworks! :linkage => :static target 'AppAttestExample' do - pod 'AppCheckCore', :git => 'https://github.com/google/app-check.git', :tag => 'CocoaPods-0.1.0-alpha.4' + pod 'AppCheckCore' platform :ios, '14.0' end From 21582867153160961c686d4825459142c94a9a0a Mon Sep 17 00:00:00 2001 From: Matthew Mathias Date: Tue, 5 Sep 2023 13:49:35 -0700 Subject: [PATCH 3/3] Add NSLog for error during debug builds when retrieving limited use token --- GoogleSignIn/Sources/GIDSignIn.m | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/GoogleSignIn/Sources/GIDSignIn.m b/GoogleSignIn/Sources/GIDSignIn.m index c81eb377..c544e588 100644 --- a/GoogleSignIn/Sources/GIDSignIn.m +++ b/GoogleSignIn/Sources/GIDSignIn.m @@ -660,6 +660,11 @@ - (void)authorizationRequestWithOptions:(GIDSignInInternalOptions *)options comp additionalParameters[kClientAssertionTypeParameter] = kClientAssertionTypeParameterValue; additionalParameters[kClientAssertionParameter] = token.token; } + #if DEBUG + if (error) { + NSLog(@"[Google Sign-In iOS]: Error retrieving App Check limited use token: %@", error); + } + #endif request = [self authorizationRequestWithOptions:options additionalParameters:additionalParameters]; if (self->_timedLoader.animationStatus == GIDTimedLoaderAnimationStatusAnimating) {