From 234422800ad0692bac15c0e4a28a5aad09ca3a05 Mon Sep 17 00:00:00 2001
From: Yaro Luchko
Date: Fri, 9 Aug 2024 18:23:22 -0700
Subject: [PATCH 1/8] feat(swift): Documentation for shared keychain
---
 .../auth/advanced-workflows/index.mdx | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index e365cf82809..8bf37a6316d 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -375,6 +375,55 @@ func federateToIdentityPoolsUsingCustomIdentityId() async throws {
 }
 ```
+## Keychain Sharing
+
+### Migrating to a Shared Keychain
+
+To use a shared keychain:
+
+1. In Xcode, go to Project Settings → Signing & Capabilities
+2. Click +Capability
+3. Add Keychain Sharing capability
+4. Add a keychain group
+5. Repeat for all apps for which you want to share auth state, adding the same keychain group for all of them
+
+To move to the shared keychain using this new keychain access group, specify the accessGroup parameter when instantiating the `AWSCognitoAuthPlugin`. If a user is currently signed-in, they will be logged out when first using the access group:
+
+```swift
+let accessGroup = AccessGroup(name: "\(teamID).com.example.sharedItems")
+let secureStoragePreferences = AWSCognitoSecureStoragePreferences(
+ accessGroup: accessGroup)
+try Amplify.add(
+ plugin: AWSCognitoAuthPlugin(
+ secureStoragePreferences: secureStoragePreferences))
+try Amplify.configure()
+```
+
+If you would prefer the user session to be migrated (which will allow the user to continue to be signed-in), then specify the `migrateKeychainItemsOfUserSession` boolean in the AccessGroup to be true like so:
+
+```swift
+let accessGroup = AccessGroup(
+ name: "\(teamID).com.example.sharedItems",
+ migrateKeychainItemsOfUserSession: true)
+let secureStoragePreferences = AWSCognitoSecureStoragePreferences(
+ accessGroup: accessGroup)
+try Amplify.add(
+ plugin: AWSCognitoAuthPlugin(
+ secureStoragePreferences: secureStoragePreferences))
+try Amplify.configure()
+```
+
+Sign in a user with any sign-in method within one app that uses this access group. After reloading another app that uses this access group, the user will be signed in. Likewise, signing out of one app will sign out the other app after reloading it.
+
+### Migrating to another Shared Keychain
+
+To move to a different access group, update the name parameter of the AccessGroup to be the new access group. 
Set `migrateKeychainItemsOfUserSession` to `true` to migrate an existing user session under the previously used access group.
+
+### Migrating from a Shared Keychain
+
+If you’d like to stop sharing state between this app and other apps, you can set the access group to be `AccessGroup.none` or `AccessGroup.none(migrateKeychainItemsOfUserSession: true)` if you’d like the session to be migrated.
+
+
 ## Subscribing to Events
From f7e0a3b938a5900a4fb601c3df6d3540391c1d7c Mon Sep 17 00:00:00 2001
From: Yaro Luchko <85574367+yaroluchko@users.noreply.github.com>
Date: Thu, 15 Aug 2024 12:00:02 -0700
Subject: [PATCH 2/8] Remove stray space in shared keychain documentation
Co-authored-by: josef
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index 8bf37a6316d..ab815fa8a1c 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -421,7 +421,7 @@ To move to a different access group, update the name parameter of the AccessGrou
 ### Migrating from a Shared Keychain
-If you’d like to stop sharing state between this app and other apps, you can set the access group to be `AccessGroup.none` or `AccessGroup.none(migrateKeychainItemsOfUserSession: true)` if you’d like the session to be migrated.
+If you’d like to stop sharing state between this app and other apps, you can set the access group to be `AccessGroup.none` or `AccessGroup.none(migrateKeychainItemsOfUserSession: true)` if you’d like the session to be migrated.
From 7f4f65926c4cc27f45529972a308ce766bf079ff Mon Sep 17 00:00:00 2001 
From: Harshdeep Singh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 13:52:47 -0400
Subject: [PATCH 3/8] adding team id details
---
 .../auth/advanced-workflows/index.mdx | 32 +++++++++++++++----
 1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index c07b43bfe4f..67ed00627de 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -381,7 +381,7 @@ func federateToIdentityPoolsUsingCustomIdentityId() async throws {
 To use a shared keychain:
-1. In Xcode, go to Project Settings → Signing & Capabilities
+1. In Xcode, go to Project Settings → Your Target → Signing & Capabilities
 2. Click +Capability
 3. Add Keychain Sharing capability
 4. Add a keychain group
@@ -390,7 +390,7 @@ To use a shared keychain:
 To move to the shared keychain using this new keychain access group, specify the accessGroup parameter when instantiating the `AWSCognitoAuthPlugin`. If a user is currently signed-in, they will be logged out when first using the access group:
 ```swift
-let accessGroup = AccessGroup(name: "\(teamID).com.example.sharedItems")
+let accessGroup = AccessGroup(name: "\(teamID)com.example.sharedItems")
 let secureStoragePreferences = AWSCognitoSecureStoragePreferences(
 accessGroup: accessGroup)
 try Amplify.add(
@@ -403,7 +403,7 @@ If you would prefer the user session to be migrated (which will allow the user t
 ```swift
 let accessGroup = AccessGroup(
- name: "\(teamID).com.example.sharedItems",
+ name: "\(teamID)com.example.sharedItems",
 migrateKeychainItemsOfUserSession: true)
 let secureStoragePreferences = AWSCognitoSecureStoragePreferences(
 accessGroup: accessGroup) 
@@ -421,8 +421,30 @@ To move to a different access group, update the name parameter of the AccessGrou
 ### Migrating from a Shared Keychain
-If you’d like to stop sharing state between this app and other apps, you can set the access group to be `AccessGroup.none` or `AccessGroup.none(migrateKeychainItemsOfUserSession: true)` if you’d like the session to be migrated.
+If you'd like to stop sharing state between this app and other apps, you can set the access group to be `AccessGroup.none` or `AccessGroup.none(migrateKeychainItemsOfUserSession: true)` if you'd like the session to be migrated.
+### Retrieving Team ID
+
+First, ensure your Info.plist has the `AppIdentifierPrefix` key:
+
+```xml
+
+
+
+
+ AppIdentifierPrefix
+ $(AppIdentifierPrefix)
+
+
+```
+
+Then, you can retrieve the team ID from your Info.plist:
+
+```swift
+guard let teamID = Bundle.main.infoDictionary?["AppIdentifierPrefix"] as? String else {
+ fatalError("AppIdentifierPrefix key not found in Info.plist")
+}
+```
@@ -834,5 +856,3 @@ Amplify.configure(awsconfig, {
 ## API reference
 For the complete API documentation for Authentication module, visit our [API Reference](https://aws-amplify.github.io/amplify-js/api/modules/aws_amplify.auth.html)
-
-
From bdeeb17d7136f93214f45f58466a31e31c8fe81a Mon Sep 17 00:00:00 2001
From: Harshdeep Singh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 13:54:49 -0400
Subject: [PATCH 4/8] adding the inline filter back that was accidentally removed
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index 67ed00627de..cf47c324181 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx 
@@ -856,3 +856,5 @@ Amplify.configure(awsconfig, {
 ## API reference
 For the complete API documentation for Authentication module, visit our [API Reference](https://aws-amplify.github.io/amplify-js/api/modules/aws_amplify.auth.html)
+
+
From 88b890b6c5acc2452e9dbf44ccea1a7a0da6a06e Mon Sep 17 00:00:00 2001
From: Harsh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:35:44 -0400
Subject: [PATCH 5/8] Update src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
Co-authored-by: josef
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index cf47c324181..c5b1e9d5943 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -382,7 +382,7 @@ func federateToIdentityPoolsUsingCustomIdentityId() async throws {
 To use a shared keychain:
 1. In Xcode, go to Project Settings → Your Target → Signing & Capabilities
-2. Click +Capability
+2. Select +Capability
 3. Add Keychain Sharing capability
 4. Add a keychain group
 5. Repeat for all apps for which you want to share auth state, adding the same keychain group for all of them
From 8723d46dfa2ede2456d0ce0502fff796dc3fa24c Mon Sep 17 00:00:00 2001
From: Harsh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:35:50 -0400
Subject: [PATCH 6/8] Update src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
Co-authored-by: josef
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index c5b1e9d5943..2cd2393ab9d 100644 
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -387,7 +387,7 @@ To use a shared keychain:
 4. Add a keychain group
 5. Repeat for all apps for which you want to share auth state, adding the same keychain group for all of them
-To move to the shared keychain using this new keychain access group, specify the accessGroup parameter when instantiating the `AWSCognitoAuthPlugin`. If a user is currently signed-in, they will be logged out when first using the access group:
+To move to the shared keychain using this new keychain access group, specify the `accessGroup` parameter when instantiating the `AWSCognitoAuthPlugin`. If a user is currently signed in, they will be signed out when first using the access group:
 ```swift
 let accessGroup = AccessGroup(name: "\(teamID)com.example.sharedItems")
From d1abcba05ea4f33019d80a398c88a1ab614aa618 Mon Sep 17 00:00:00 2001
From: Harsh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:35:56 -0400
Subject: [PATCH 7/8] Update src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
Co-authored-by: josef
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index 2cd2393ab9d..14488fa781a 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx 
@@ -399,7 +399,7 @@ try Amplify.add(
 try Amplify.configure()
 ```
-If you would prefer the user session to be migrated (which will allow the user to continue to be signed-in), then specify the `migrateKeychainItemsOfUserSession` boolean in the AccessGroup to be true like so:
+If you would prefer the user session to be migrated (which will allow the user to continue to be signed in), then specify the `migrateKeychainItemsOfUserSession` boolean in the AccessGroup to be true like so:
 ```swift
 let accessGroup = AccessGroup(
From b0e8d09d2cc331e3f19fee7338aa068ae34a3d49 Mon Sep 17 00:00:00 2001
From: Harsh <6162866+harsh62@users.noreply.github.com>
Date: Wed, 19 Mar 2025 14:36:02 -0400
Subject: [PATCH 8/8] Update src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
Co-authored-by: josef
---
 .../build-a-backend/auth/advanced-workflows/index.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
index 14488fa781a..8e1a7798bdf 100644
--- a/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
+++ b/src/pages/[platform]/build-a-backend/auth/advanced-workflows/index.mdx
@@ -427,7 +427,7 @@ If you'd like to stop sharing state between this app and other apps, you can set
 First, ensure your Info.plist has the `AppIdentifierPrefix` key:
-```xml
+```xml title="Info.plist"