firebase-ios-sdk icon indicating copy to clipboard operation
firebase-ios-sdk copied to clipboard

Published 20 hours ago verified publisher icon firebase

[FR]: Add inMemory support for Auth module

Open nawaz4225 opened this issue 10 months ago • 1 comments

Description

1. Use Case: As a developer, I need to configure the Firebase Auth module to utilize in-memory storage exclusively within the UI Tests target. Since UI Tests cannot access the Keychain, this adjustment is critical for validating UI state changes triggered by Firestore snapshot listeners. Specifically, I require the ability to programmatically authenticate users during UI tests to bypass security rules and verify correct UI behavior when interacting with Firestore data protected by authenticated user permissions.

2. Current Firebase SDK Behavior: The Firebase Auth SDK defaults to secure Keychain storage for sensitive user data (tokens, credentials) on iOS/macOS. While this ensures production-grade security, it renders Auth unusable in UI Testing environments due to Keychain access restrictions. This limitation blocks testing of auth-dependent flows, such as Firestore write operations guarded by security rules.

3. Proposed Enhancement for Firebase SDK: Introduce an explicit in-memory storage mode for Firebase Auth, configurable at runtime. This mode would:

Disable Keychain Persistence: Prevent any Keychain read/write operations when activated. Retain Auth State In-Memory: Maintain user credentials, tokens, and auth state within the active app session. Reset State on App Termination: Clear all auth data upon app exit to mimic ephemeral test environments. Implementation Recommendations:

Add a storageType Property to AuthSettings:

public enum AuthStorageType {
  case keychain    // Default production behavior (persists to Keychain)
  case inMemory    // Ephemeral storage for tests (no Keychain access)
}

let auth = Auth.auth()
auth.settings.storageType = .inMemory // Set before auth APIs are used

Documentation & Safety Measures: Clearly label .inMemory as unsuitable for production in API docs. Throw a runtime warning/assertion if .inMemory is used outside of debug/UI test builds.

  1. Benefits:

Unblock UI Testing: Enables end-to-end validation of auth-gated workflows (e.g., Firestore writes) without Keychain. Explicit Control: Developers opt into in-memory behavior only where needed, preserving secure defaults. Platform Consistency: Aligns with existing patterns like Firestore’s settings.isPersistenceEnabled.

func testAuthProtectedFlow() {
  // Configure Auth for in-memory (no Keychain)  
  let app = XCUIApplication()
  app.launch()

  // Programmatically sign in (no UI interaction)  
  Auth.auth().signIn(withEmail: "[email protected]", password: "password")

  // Perform Firestore write & validate UI update  
  let db = Firestore.firestore()
  db.collection("protectedData").document("testDoc").setData(["value": 42])
  XCTAssert(app.staticTexts["Data Updated"].exists)
}

This approach balances security with testing flexibility, empowering developers to validate auth-integrated experiences fully.

API Proposal

No response

Firebase Product(s)

Authentication

nawaz4225 avatar Jan 29 '25 17:01 nawaz4225

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

google-oss-bot avatar Jan 29 '25 17:01 google-oss-bot

This would be highly appreciated from my side as well! The current behavior blocks my automated acceptance testing efforts!

Cheers! Angu

angu-software avatar Jul 10 '25 18:07 angu-software