I am trying to create a share extension for my application which requires to login to Google from the extension. I've setup the sharing group keychain and am able to write from the main application and read the extension target. But I can't login to Google from the extension because GIDSignIn.sharedInstance().hasAuthInKeychain()
always returns false.
Is there any way to login to Google from an extension and how do I do that? Any help would be appreciated.
1. In Bridging-Header.h
import <GoogleSignIn/GoogleSignIn.h>
import <Google/Core.h>
2. In AppDelegate.swift
import Google
In application:didFinishLaunchingWithOptionslaunchOptions:
configure the GGLContext
object:
func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
var configureError: NSError?
GGLContext.sharedInstance().configureWithError(&configureError)
assert(configureError == nil, "Error configuring Google services: \(configureError)")
GIDSignIn.sharedInstance().clientID = "client id"
GIDSignIn.sharedInstance.shouldFetchBasicProfile = true
GIDSignIn.sharedInstance().delegate = self
}
Then, add a GIDSignInButton
view to your app.
Lastly, in the view controller, implement the signIn:didSignInForUser:
delegate method that will be called when the sign-in button is tapped:
when authorizing the app.
- (void)signIn:(GIDSignIn *)signIn
didSignInForUser:(GIDGoogleUser *)user
withError:(NSError *)error {
// Perform any operations on signed in user here.
// ...
}
3. Sharing Credentials between apps/extensions
When you sign-in the Google framework will have to use native iOS methods to add the new credentials to the iOS Keychain. Thus they will be using the SecItemAdd(_:_:)
method that will add one or more items to a keychain.
To access the same keychain item in both the app and the extension, you need to enable the "Keychain Sharing" for both the app and the extension from the Xcode's Capabilities section in your project settings. When you do this, Xcode will probably want to update your app ID and provisioning profiles, because they need to reflect this new capability. You'll probably have to reauthorize the app (Step 2) to get the credentials into the right group.
Apple Documentation clearly states:
If you want the new keychain item to be shared among multiple
applications, include the kSecAttrAccessGroup key in the attributes
dictionary. The value of this key must be the name of a keychain
access group to which all of the programs that will share this item
belong.
When you use Xcode to create an application, Xcode adds an
application-identifier entitlement to the application bundle. Keychain
Services uses this entitlement to grant the application access to its
own keychain items. You can also add a keychain-access-groups
entitlement to the application and, in the entitlement property list
file, specify an array of keychain access groups to which the
application belongs.
4. Extra Hints from Google that I haven't mentioned above.
Please see "Google Sign-In for iOS".
Here is sample code to use GIDSignIn
:
- Get a reference to the
GIDSignIn
shared instance: GIDSignIn *signIn = [GIDSignIn sharedInstance];
- Set the OAuth 2.0 scopes you want to request:
[signIn setScopes:[NSArray arrayWithObject:@"https://www.googleapis.com/auth/plus.login"]];
- Call
[signIn setDelegate:self];
- Set up delegate method
signIn:didSignInForUser:withError:
.
- Call
handleURL
on the shared instance from application:openUrl:
... in your app delegate.
- Call
signIn
on the shared instance;
To do this you need to enable Keychain Sharing
in your project's "Capabilities" pane. This will allow both the extension and the main app to share the password.
Apple's documentation on Keychain Sharing is here.
No answer until now. I finally rewrite the Google login by using Aerogear framework. Now I can able to login from both main target and extension target. This also fix this google logout issue.