User not signed into Firebase in Share App Extension

To expand on KutakMir's answer, these steps worked for us:

Step 1. Set up Firebase for the share extension

Steps from this Stackoverflow answer:

  1. Copy the containing app's GoogleService-Info.plist into your extension in Xcode
  2. Drag the copied GoogleService-Info.plist into Xcode into your share extension and
  3. Change the BUNDLE_ID to the name of your share extension's target
  4. Add new target to your Podfile
  5. Install dependencies (pod install)
  6. Configure the Firebase application object in your extension

Step 2. Set up shared container between containing (i.e., main) app and shared extension

Described in App Extension Programming Guide: Handling Common Scenarios. Basically turn on "App Groups" at the Capabilities tab for both your targets (i.e., containing app and share extension), and provide the same designation at both places.

Step 3. Set up keychain sharing

The basic steps are similar to step 2: turn on "Keychain Sharing" at the Capabilities tab for both targets, and provide the designation at both places. (In more detail in the official docs.)

Make sure to append your APP_ID to the Keychain access group when using the queries in the docs! The link above points this out, but this Github issue comment is more useful.

Step 4. Use the Keychain and shared container to synchronize user access

Our workflow:

  • On login (either in share extension or main app), save user ID to the shared container, and save username and password to the Keychain using the user ID as the key

  • On startup (either share extension or main app), check shared container for user ID. If there, it means that user already signed in either the main app or the share extension therefore they should be signed into both. So retrieve credentials from Keychain, and sign in user using signIn(withEmail:password:completion:)

Our project at the point when everything was set up. It is messy with lots of duplication, but works. Relevant files are

  • Access News/LoginViewController.swift
  • Access News/SessionStartViewController.swift
  • Access News/NVC.swift
  • Access-News-Uploader/UploaderNavigationViewController.swift

Tracking down Keychain error codes

This was the most frustrating part. The error codes are of type OSStatus, and they are listed in Security Framework Result Codes, but sometimes one just sees a signed integer when testing. I couldn't find an official list, but OSStatus.com will save a lot of frustration. For example, here's a query of all the Security Framework codes.


Other useful links to official Keychain docs:

  • Adding a Password to the Keychain
  • Searching for Keychain Items
  • Updating and Deleting Keychain Items
  • kSecValueData (it wasn't where I expected it to be)
  • Item Return Result Keys
  • Item Class Keys and Values
  • Item Attribute Keys and Values

Go to your main target and extension target and setup keychain sharing. The Firebase Auth is saving the access token to the keychain.