[Auth] TOTP support for macOS

cbenhagen · cbenhagen · commit fcf2fdac0166 · 2025-07-15T07:12:40.000+02:00
diff --git a/FirebaseAuth/CHANGELOG.md b/FirebaseAuth/CHANGELOG.md
@@ -1,3 +1,6 @@
+# 12.1.0
+- [added] Added TOTP support for macOS.
+
 # 12.0.0
 - [removed] **Breaking Change**: Removed the following Dynamic Links related
   APIs:
diff --git a/FirebaseAuth/README.md b/FirebaseAuth/README.md
@@ -1,4 +1,4 @@
-# Firebase Auth for iOS
+# Firebase Auth for iOS and macOS
 
 Firebase Auth enables apps to easily support multiple authentication options
 for their end users.
diff --git a/FirebaseAuth/Sources/ObjC/FIRMultiFactorConstants.m b/FirebaseAuth/Sources/ObjC/FIRMultiFactorConstants.m
@@ -15,7 +15,7 @@
  */
 
 #import <TargetConditionals.h>
-#if TARGET_OS_IOS
+#if TARGET_OS_IOS || TARGET_OS_OSX
 
 #import <Foundation/Foundation.h>
 
diff --git a/FirebaseAuth/Sources/Public/FirebaseAuth/FIRMultiFactor.h b/FirebaseAuth/Sources/Public/FirebaseAuth/FIRMultiFactor.h
@@ -5,7 +5,7 @@
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *      http://www.apache.org/licenses/LICENSE2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,27 +22,26 @@ NS_ASSUME_NONNULL_BEGIN
 
 /** @typedef FIRMultiFactorSessionCallback
     @brief The callback that triggered when a developer calls `getSessionWithCompletion`.
-        This type is available on iOS only.
+        This type is available on iOS and macOS.
     @param session The multi factor session returned, if any.
     @param error The error which occurred, if any.
 */
 typedef void (^FIRMultiFactorSessionCallback)(FIRMultiFactorSession *_Nullable session,
                                               NSError *_Nullable error)
-    NS_SWIFT_UNAVAILABLE("Use Swift's closure syntax instead.")
-        API_UNAVAILABLE(macos, tvos, watchos);
+    NS_SWIFT_UNAVAILABLE("Use Swift's closure syntax instead.") API_UNAVAILABLE(tvos, watchos);
 
 /**
    @brief The string identifier for using phone as a second factor.
-        This constant is available on iOS only.
+        This constant is available on iOS and macOS.
 */
 extern NSString *const _Nonnull FIRPhoneMultiFactorID NS_SWIFT_NAME(PhoneMultiFactorID)
-    API_UNAVAILABLE(macos, tvos, watchos);
+    API_UNAVAILABLE(tvos, watchos);
 
 /**
    @brief The string identifier for using TOTP as a second factor.
-        This constant is available on iOS only.
+        This constant is available on iOS and macOS.
 */
 extern NSString *const _Nonnull FIRTOTPMultiFactorID NS_SWIFT_NAME(TOTPMultiFactorID)
-    API_UNAVAILABLE(macos, tvos, watchos);
+    API_UNAVAILABLE(tvos, watchos);
 
 NS_ASSUME_NONNULL_END
diff --git a/FirebaseAuth/Sources/Swift/Backend/AuthBackend.swift b/FirebaseAuth/Sources/Swift/Backend/AuthBackend.swift
@@ -99,7 +99,7 @@ final class AuthBackend: AuthBackendProtocol {
   }
 
   private static func generateMFAError(response: AuthRPCResponse, auth: Auth) -> Error? {
-    #if !os(iOS)
+    #if !os(iOS) || !os(macOS)
       return nil
     #else
       if let mfaResponse = response as? AuthMFAResponse,
@@ -124,7 +124,7 @@ final class AuthBackend: AuthBackendProtocol {
       } else {
         return nil
       }
-    #endif // !os(iOS)
+    #endif // !os(iOS) || !os(macOS)
   }
 
   // Check whether or not the successful response is actually the special case phone
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactor.swift b/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactor.swift
@@ -14,15 +14,15 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   extension MultiFactor: NSSecureCoding {}
 
   /// The interface defining the multi factor related properties and operations pertaining to a
   /// user.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRMultiFactor) open class MultiFactor: NSObject {
     @objc open var enrolledFactors: [MultiFactorInfo]
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorAssertion.swift b/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorAssertion.swift
@@ -14,12 +14,12 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// The base class for asserting ownership of a second factor. This is equivalent to the
   ///    AuthCredential class.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @objc(FIRMultiFactorAssertion) open class MultiFactorAssertion: NSObject {
     /// The second factor identifier for this opaque object asserting a second factor.
     @objc open var factorID: String
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorInfo.swift b/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorInfo.swift
@@ -16,12 +16,12 @@ import Foundation
 
 // TODO(Swift 6 Breaking): Make checked Sendable.
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
   extension MultiFactorInfo: NSSecureCoding {}
 
   /// Safe public structure used to represent a second factor entity from a client perspective.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @objc(FIRMultiFactorInfo) open class MultiFactorInfo: NSObject, @unchecked Sendable {
     /// The multi-factor enrollment ID.
     @objc(UID) public let uid: String
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorResolver.swift b/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorResolver.swift
@@ -14,12 +14,12 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// The subclass of base class `MultiFactorAssertion`, used to assert ownership of a phone
   /// second factor.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRMultiFactorResolver)
   open class MultiFactorResolver: NSObject {
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorSession.swift b/FirebaseAuth/Sources/Swift/MultiFactor/MultiFactorSession.swift
@@ -14,7 +14,7 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// Opaque object that identifies the current session to enroll a second factor or to
   /// complete sign in when previously enrolled.
@@ -23,7 +23,7 @@ import Foundation
   /// or to complete sign in when previously enrolled. It contains additional context on the
   /// existing user, notably the confirmation that the user passed the first factor challenge.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRMultiFactorSession) open class MultiFactorSession: NSObject {
     /// The ID token for an enroll flow. This has to be retrieved after recent authentication.
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorAssertion.swift b/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorAssertion.swift
@@ -14,12 +14,12 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// The subclass of base class FIRMultiFactorAssertion, used to assert ownership of a phone
   /// second factor.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRPhoneMultiFactorAssertion) open class PhoneMultiFactorAssertion: MultiFactorAssertion {
     var authCredential: PhoneAuthCredential?
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorGenerator.swift b/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorGenerator.swift
@@ -14,14 +14,14 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// The data structure used to help initialize an assertion for a second factor entity to the
   /// Firebase Auth/CICP server.
   ///
   /// Depending on the type of second factor, this will help generate the assertion.
   ///
-  ///  This class is available on iOS only.
+  ///  This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRPhoneMultiFactorGenerator)
   open class PhoneMultiFactorGenerator: NSObject {
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorInfo.swift b/FirebaseAuth/Sources/Swift/MultiFactor/Phone/PhoneMultiFactorInfo.swift
@@ -16,13 +16,13 @@ import Foundation
 
 // TODO(Swift 6 Breaking): Make checked Sendable.
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// Extends the MultiFactorInfo class for phone number second factors.
   ///
   /// The identifier of this second factor is "phone".
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @objc(FIRPhoneMultiFactorInfo) open class PhoneMultiFactorInfo: MultiFactorInfo,
     @unchecked Sendable {
     /// The string identifier for using phone as a second factor.
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultFactorAssertion.swift b/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultFactorAssertion.swift
@@ -14,7 +14,7 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   enum SecretOrID {
     case secret(TOTPSecret)
@@ -24,7 +24,7 @@ import Foundation
   /// The subclass of base class MultiFactorAssertion, used to assert ownership of a TOTP
   /// (Time-based One Time Password) second factor.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @objc(FIRTOTPMultiFactorAssertion) open class TOTPMultiFactorAssertion: MultiFactorAssertion {
     let oneTimePassword: String
     let secretOrID: SecretOrID
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultiFactorGenerator.swift b/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultiFactorGenerator.swift
@@ -14,13 +14,13 @@
 
 import Foundation
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// The data structure used to help initialize an assertion for a second factor entity to the
   /// Firebase Auth/CICP server. Depending on the type of second factor, this will help generate
   /// the assertion.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   @objc(FIRTOTPMultiFactorGenerator) open class TOTPMultiFactorGenerator: NSObject {
     /// Creates a TOTP secret as part of enrolling a TOTP second factor. Used for generating a
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultiFactorInfo.swift b/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPMultiFactorInfo.swift
@@ -17,13 +17,13 @@ import Foundation
 // TODO(Swift 6 Breaking): Make checked Sendable. Also, does this need
 // to be public?
 
-#if os(iOS)
+#if os(iOS) || os(macOS)
 
   /// Extends the MultiFactorInfo class for time based one-time password second factors.
   ///
   /// The identifier of this second factor is "totp".
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   class TOTPMultiFactorInfo: MultiFactorInfo, @unchecked Sendable {
     /// Initialize the AuthProtoMFAEnrollment instance with proto.
     /// - Parameter proto: AuthProtoMFAEnrollment proto object.
diff --git a/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPSecret.swift b/FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPSecret.swift
@@ -19,13 +19,17 @@ import Foundation
   internal import GoogleUtilities_Environment
 #endif
 
-#if os(iOS)
-  import UIKit
+#if os(iOS) || os(macOS)
+  #if os(iOS)
+    import UIKit
+  #elseif os(macOS)
+    import AppKit
+  #endif
 
   /// The subclass of base class MultiFactorAssertion, used to assert ownership of a TOTP
   /// (Time-based One Time Password) second factor.
   ///
-  /// This class is available on iOS only.
+  /// This class is available on iOS and macOS.
   @objc(FIRTOTPSecret) open class TOTPSecret: NSObject {
     /// Returns the shared secret key/seed used to generate time-based one-time passwords.
     @objc open func sharedSecretKey() -> String {
@@ -57,24 +61,34 @@ import Foundation
     @MainActor @objc(openInOTPAppWithQRCodeURL:)
     open func openInOTPApp(withQRCodeURL qrCodeURL: String) {
       if GULAppEnvironmentUtil.isAppExtension() {
-        // iOS App extensions should not call [UIApplication sharedApplication], even if
-        // UIApplication responds to it.
+        // App extensions should not call [UIApplication sharedApplication] or [NSWorkspace
+        // sharedWorkspace],
+        // even if they respond to it.
         return
       }
 
-      // Using reflection here to avoid build errors in extensions.
-      let sel = NSSelectorFromString("sharedApplication")
-      guard UIApplication.responds(to: sel),
-            let rawApplication = UIApplication.perform(sel),
-            let application = rawApplication.takeUnretainedValue() as? UIApplication else {
-        return
-      }
-      if let url = URL(string: qrCodeURL), application.canOpenURL(url) {
-        application.open(url, options: [:], completionHandler: nil)
-      } else {
-        AuthLog.logError(code: "I-AUT000019",
-                         message: "URL: \(qrCodeURL) cannot be opened")
-      }
+      #if os(iOS)
+        // Using reflection here to avoid build errors in extensions.
+        let sel = NSSelectorFromString("sharedApplication")
+        guard UIApplication.responds(to: sel),
+              let rawApplication = UIApplication.perform(sel),
+              let application = rawApplication.takeUnretainedValue() as? UIApplication else {
+          return
+        }
+        if let url = URL(string: qrCodeURL), application.canOpenURL(url) {
+          application.open(url, options: [:], completionHandler: nil)
+        } else {
+          AuthLog.logError(code: "I-AUT000019",
+                           message: "URL: \(qrCodeURL) cannot be opened")
+        }
+      #elseif os(macOS)
+        if let url = URL(string: qrCodeURL) {
+          NSWorkspace.shared.open(url)
+        } else {
+          AuthLog.logError(code: "I-AUT000019",
+                           message: "URL: \(qrCodeURL) cannot be opened")
+        }
+      #endif
     }
 
     /// Shared secret key/seed used for enrolling in TOTP MFA and generating OTPs.
diff --git a/FirebaseAuth/Sources/Swift/User/User.swift b/FirebaseAuth/Sources/Swift/User/User.swift
@@ -58,10 +58,10 @@ extension User: NSSecureCoding {}
   /// The tenant ID of the current user. `nil` if none is available.
   @objc public private(set) var tenantID: String?
 
-  #if os(iOS)
+  #if os(iOS) || os(macOS)
     /// Multi factor object associated with the user.
     ///
-    /// This property is available on iOS only.
+    /// This property is available on iOS and macOS.
     @objc public private(set) var multiFactor: MultiFactor
   #endif
 
@@ -1066,7 +1066,7 @@ extension User: NSSecureCoding {}
     isEmailVerified = false
     metadata = UserMetadata(withCreationDate: nil, lastSignInDate: nil)
     tenantID = nil
-    #if os(iOS)
+    #if os(iOS) || os(macOS)
       multiFactor = MultiFactor(withMFAEnrollments: [])
     #endif
     uid = ""
@@ -1297,7 +1297,7 @@ extension User: NSSecureCoding {}
       }
     }
     providerDataRaw = providerData
-    #if os(iOS)
+    #if os(iOS) || os(macOS)
       if let enrollments = user.mfaEnrollments {
         multiFactor = MultiFactor(withMFAEnrollments: enrollments)
       }
@@ -1718,7 +1718,7 @@ extension User: NSSecureCoding {}
       coder.encode(auth.requestConfiguration.appID, forKey: kFirebaseAppIDCodingKey)
     }
     coder.encode(tokenService, forKey: kTokenServiceCodingKey)
-    #if os(iOS)
+    #if os(iOS) || os(macOS)
       coder.encode(multiFactor, forKey: kMultiFactorCodingKey)
     #endif
   }
@@ -1747,7 +1747,7 @@ extension User: NSSecureCoding {}
       as? [String: UserInfoImpl]
     let metadata = coder.decodeObject(of: UserMetadata.self, forKey: kMetadataCodingKey)
     let tenantID = coder.decodeObject(of: NSString.self, forKey: kTenantIDCodingKey) as? String
-    #if os(iOS)
+    #if os(iOS) || os(macOS)
       let multiFactor = coder.decodeObject(of: MultiFactor.self, forKey: kMultiFactorCodingKey)
     #endif
     self.tokenService = tokenService
@@ -1778,7 +1778,7 @@ extension User: NSSecureCoding {}
     backend = AuthBackend(rpcIssuer: AuthBackendRPCIssuer())
 
     userProfileUpdate = UserProfileUpdate()
-    #if os(iOS)
+    #if os(iOS) || os(macOS)
       self.multiFactor = multiFactor ?? MultiFactor()
       super.init()
       multiFactor?.user = self
diff --git a/FirebaseAuth/Tests/Unit/ObjCAPITests.m b/FirebaseAuth/Tests/Unit/ObjCAPITests.m
diff --git a/FirebaseAuth/Tests/Unit/ObjCGlobalTests.m b/FirebaseAuth/Tests/Unit/ObjCGlobalTests.m
diff --git a/FirebaseAuth/Tests/Unit/SwiftAPI.swift b/FirebaseAuth/Tests/Unit/SwiftAPI.swift
diff --git a/FirebaseAuth/Tests/Unit/SwiftGlobalTests.swift b/FirebaseAuth/Tests/Unit/SwiftGlobalTests.swift
diff --git a/FirebaseAuth/Tests/Unit/UserTests.swift b/FirebaseAuth/Tests/Unit/UserTests.swift
diff --git a/FirebaseCombineSwift/Sources/Auth/MultiFactor+Combine.swift b/FirebaseCombineSwift/Sources/Auth/MultiFactor+Combine.swift
diff --git a/FirebaseCombineSwift/Sources/Auth/MultiFactorResolver+Combine.swift b/FirebaseCombineSwift/Sources/Auth/MultiFactorResolver+Combine.swift

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# Firebase Auth for iOS`
	`1`	`+# Firebase Auth for iOS and macOS`
`2`	`2`
`3`	`3`	`Firebase Auth enables apps to easily support multiple authentication options`
`4`	`4`	`for their end users.`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ final class AuthBackend: AuthBackendProtocol {`
`99`	`99`	`}`
`100`	`100`
`101`	`101`	`private static func generateMFAError(response: AuthRPCResponse, auth: Auth) -> Error? {`
`102`		`- #if !os(iOS)`
	`102`	`+ #if !os(iOS) \|\| !os(macOS)`
`103`	`103`	`return nil`
`104`	`104`	`#else`
`105`	`105`	`if let mfaResponse = response as? AuthMFAResponse,`
`@@ -124,7 +124,7 @@ final class AuthBackend: AuthBackendProtocol {`
`124`	`124`	`} else {`
`125`	`125`	`return nil`
`126`	`126`	`}`
`127`		`- #endif // !os(iOS)`
	`127`	`+ #endif // !os(iOS) \|\| !os(macOS)`
`128`	`128`	`}`
`129`	`129`
`130`	`130`	`// Check whether or not the successful response is actually the special case phone`