Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR]: Add inMemory support for Auth module #14396

Open
nawaz4225 opened this issue Jan 29, 2025 · 1 comment
Open

[FR]: Add inMemory support for Auth module #14396

nawaz4225 opened this issue Jan 29, 2025 · 1 comment
Labels
api: auth type: feature request

Comments

@nawaz4225
Copy link

Description

1. Use Case:
As a developer, I need to configure the Firebase Auth module to utilize in-memory storage exclusively within the UI Tests target. Since UI Tests cannot access the Keychain, this adjustment is critical for validating UI state changes triggered by Firestore snapshot listeners. Specifically, I require the ability to programmatically authenticate users during UI tests to bypass security rules and verify correct UI behavior when interacting with Firestore data protected by authenticated user permissions.

2. Current Firebase SDK Behavior:
The Firebase Auth SDK defaults to secure Keychain storage for sensitive user data (tokens, credentials) on iOS/macOS. While this ensures production-grade security, it renders Auth unusable in UI Testing environments due to Keychain access restrictions. This limitation blocks testing of auth-dependent flows, such as Firestore write operations guarded by security rules.

3. Proposed Enhancement for Firebase SDK:
Introduce an explicit in-memory storage mode for Firebase Auth, configurable at runtime. This mode would:

Disable Keychain Persistence: Prevent any Keychain read/write operations when activated.
Retain Auth State In-Memory: Maintain user credentials, tokens, and auth state within the active app session.
Reset State on App Termination: Clear all auth data upon app exit to mimic ephemeral test environments.
Implementation Recommendations:

Add a storageType Property to AuthSettings:

public enum AuthStorageType {
  case keychain    // Default production behavior (persists to Keychain)
  case inMemory    // Ephemeral storage for tests (no Keychain access)
}

let auth = Auth.auth()
auth.settings.storageType = .inMemory // Set before auth APIs are used

Documentation & Safety Measures:
Clearly label .inMemory as unsuitable for production in API docs.
Throw a runtime warning/assertion if .inMemory is used outside of debug/UI test builds.

  1. Benefits:

Unblock UI Testing: Enables end-to-end validation of auth-gated workflows (e.g., Firestore writes) without Keychain.
Explicit Control: Developers opt into in-memory behavior only where needed, preserving secure defaults.
Platform Consistency: Aligns with existing patterns like Firestore’s settings.isPersistenceEnabled.

func testAuthProtectedFlow() {
  // Configure Auth for in-memory (no Keychain)  
  let app = XCUIApplication()
  app.launch()

  // Programmatically sign in (no UI interaction)  
  Auth.auth().signIn(withEmail: "[email protected]", password: "password")

  // Perform Firestore write & validate UI update  
  let db = Firestore.firestore()
  db.collection("protectedData").document("testDoc").setData(["value": 42])
  XCTAssert(app.staticTexts["Data Updated"].exists)
}

This approach balances security with testing flexibility, empowering developers to validate auth-integrated experiences fully.

API Proposal

No response

Firebase Product(s)

Authentication
@google-oss-bot
Copy link

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api: auth type: feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nawaz4225 @google-oss-bot @rizafran