GoogleSignIn-iOS icon indicating copy to clipboard operation
GoogleSignIn-iOS copied to clipboard
verified publisher icon google

GIDSignIn.signIn getting "keychain error" for some users

Open alperkayabasi opened this issue 3 years ago • 37 comments

Hello,

We are using GoogleSignIn for a few years. Suddenly, some users start to get "com.google.GIDSignIn / error code: -2 / keychain error" and we can't sign them in to our application.

To fix this, I have to enable "keychain sharing access" in my project settings (we have never enabled this and it was working as expected for a long time) and add "com.google.GIDSignIn" as keychain group. Here is the screenshot; Screen Shot 2022-05-30 at 14 04 57 If I use my own bundle id here I still get the same error, I have to add com.google.GIDSignIn specifically.

This is not one of the steps to integrate the SDK and I don't know why it is neccessary to add "com.google.GIDSignIn" keychain sharing access in my project.

Can you help with the issue? Thank you.

alperkayabasi avatar May 30 '22 11:05 alperkayabasi

Can you tell me what version of Google Sign-In you're using when you see this behavior? The version of GTMAppAuth you're building with would also be relevant, as well as the version(s) of iOS you're seeing this on.

petea avatar May 30 '22 16:05 petea

We are having the same problem here.

  • GMTAppAuth: 1.2.3
  • iOS version 15.5 (notice that it happens to some phones not happen with some other phones)

tuando3i avatar May 31 '22 04:05 tuando3i

Also seeing this with iOS 15.5, but also iOS 14.7.1 . GTMAppAuth 1.2.3. It was reported today. Still looking to see if the version of iOS is a determining factor. This is an app that is in the store. Have now determined that updating to GTMAppAuth 1.3.0 solves the problem for our app at least. My Podfile has pod 'GoogleSignIn', '~> 5.0.1' and doing an pod update now gets me 1.3.0 instead of 1.2.3

AndyActionItem avatar May 31 '22 09:05 AndyActionItem

  • GoogleSignIn (6.1.0)
  • GTMAppAuth (1.2.2)

The device I debugged was iOS 15.4.1 but there are many users who reported the issue, I don't know the OS versions of all.

alperkayabasi avatar May 31 '22 10:05 alperkayabasi

I'm also having the same issue. Any suggestions would be great.

sopherwang avatar May 31 '22 23:05 sopherwang

I'm also facing this issue today.

longvudai avatar Jun 01 '22 15:06 longvudai

It sounds as though the Keychain is returning an error for some reason, causing GIDSignIn's -saveAuthState: to fail following a -signIn or -restorePreviousSignIn.

Is anyone able to reliably reproduce this behavior in a debug build? If so, you could provide repro steps?

petea avatar Jun 01 '22 22:06 petea

Yes I could debug it but there are no "steps" to reproduce the bug really, I just call GIDSignIn.sharedInstance.signIn method. It seems like device or user specific. You do same steps with two different devices, one logs in, one doesn't.

All the users who had trouble logging in have an active Google session in Safari. Sadly, that's all I have.

alperkayabasi avatar Jun 02 '22 07:06 alperkayabasi

If you can reproduce this in a debug build, try setting a breakpoint in GTMAppAuth's GTMKeychain implementation in the -setPasswordData:forService:accessibility:account:error: method and check the return value of the SecItemAdd call. A non-zero value of status could provide some insight into what type of a Keychain error we're dealing with.

petea avatar Jun 02 '22 08:06 petea

The "keyChain Error" is not shown in an updated version of GTMAppAuth (1.3.0). Just updated to the newest version to resolve the error.

zaidhafeez avatar Jun 02 '22 10:06 zaidhafeez

If you can reproduce this in a debug build, try setting a breakpoint in GTMAppAuth's GTMKeychain implementation in the -setPasswordData:forService:accessibility:account:error: method and check the return value of the SecItemAdd call. A non-zero value of status could provide some insight into what type of a Keychain error we're dealing with.

The status returned in GTMAppAuth (1.2.2). is errSecDuplicateItem.

zaidhafeez avatar Jun 02 '22 10:06 zaidhafeez

@zaidhafeez thanks for the feedback.

For anyone who is (or was) experiencing this behavior, could you list all the third-party libraries you're using and how they're being built / linked (Swift Package Manager, CocoaPods, XCFrameworks, etc). I'm looking for a potential source of conflicting Keychain operations.

petea avatar Jun 02 '22 17:06 petea

GoogleSignIn(5.0.2) iOS 14.6

iyouqiang avatar Jun 06 '22 09:06 iyouqiang

I can verify that "keychain error" doesn't occur on GTMAppAuth version (1.3.0). It still persists on 1.2.2 though.

alperkayabasi avatar Jun 06 '22 09:06 alperkayabasi

@alperkayabasi could you let me know which (if any) third-party libraries you're using in addition to Google Sign-In? Please see my previous comment.

petea avatar Jun 06 '22 15:06 petea

@petea We're using a lot of 3rd party frameworks but I'll try to list major ones.

pod 'Alamofire'

pod 'Firebase/Database'
pod 'Firebase/Auth'
pod 'Firebase/Analytics'
pod 'Firebase/Performance'
pod 'Firebase/Crashlytics'
pod 'GoogleAppMeasurement'

pod 'Google-Mobile-Ads-SDK'
pod 'GoogleSignIn'

pod 'FBSDKCoreKit'
pod 'FBAudienceNetwork'
pod 'FBSDKLoginKit'

pod 'Adjust'
pod 'AppsFlyerFramework'

pod 'CryptoSwift'
pod 'KeychainSwift'
pod 'TikTokOpenSDK'
pod 'SwiftyVK'

alperkayabasi avatar Jun 07 '22 11:06 alperkayabasi

Upgrade to 6.2.2 solve my keychain error problem.

longvudai avatar Jun 09 '22 06:06 longvudai

@iyouqiang I use same version.

I resolved by upgrading 6.0.0 version. but I don't wanna upgrade.

I deleted the app once, but I can't login. Although I logged in with 6.0.0 version and logout, I can't login with 5.0.2.

Anyone can resolved?

sugitatestblue avatar Jul 06 '22 09:07 sugitatestblue

I am also getting the same error for my application. It was working well before.

SimmaAulakh avatar Aug 15 '22 14:08 SimmaAulakh

Same here, got the issue on my phone with multiple accounts

kvacquier avatar Aug 18 '22 18:08 kvacquier

I have the same problem

  • GoogleSignIn (6.1.0):
    • AppAuth (~> 1.4)
    • GTMAppAuth (~> 1.0)
    • GTMSessionFetcher/Core (~> 1.1)

gy6177 avatar Aug 19 '22 08:08 gy6177

For those who are still seeing this issue, please let me know which versions of GoogleSignIn and GTMAppAuth you're building with.

petea avatar Aug 19 '22 21:08 petea

GoogleSignIn -> 6.1.0 GTMAppAuth -> 1.0 在 iOS 15.4 和 iOS 15.0 都遇到了

Is there a problem with the simulator? Can it be done on the real machine?

gy6177 avatar Aug 20 '22 09:08 gy6177

Upgrade to Google signin 6.2.2 without this problem. The following is the corresponding version

  • GoogleSignIn (6.2.2):
    • AppAuth (~> 1.5)
    • GTMAppAuth (~> 1.3)

gy6177 avatar Aug 20 '22 09:08 gy6177

Also seeing this issue on iOS 16 beta:

GoogleSignIn (6.1.0):

  • AppAuth (~> 1.4)
  • GTMAppAuth (~> 1.0)
  • GTMSessionFetcher/Core (~> 1.1)

tylerexmg avatar Aug 22 '22 17:08 tylerexmg

Hey! We're running version 6.1.0 and some of our users are experiencing this issue in too. Is there a version that you recommend to upgrade to solve this? Thanks for your time

CharlyDev75 avatar Oct 04 '22 18:10 CharlyDev75

Update to latest version which has GTMAppAuth ~> 1.3 will fix the issue

Simon-Zeng avatar Oct 06 '22 09:10 Simon-Zeng

Update to latest version which has GTMAppAuth ~> 1.3 will fix the issue

Thanks a lot Simon!

CharlyDev75 avatar Oct 06 '22 13:10 CharlyDev75

After updating my pods to Installing AppAuth 1.6.0 (was 1.5.0) Installing GTMAppAuth 1.3.1 (was 1.3.0) Installing GoogleSignIn 6.2.4 (was 6.2.2)

I reproduced the issue on a Mac Silicon with Mac OS Ventura (13.0 (22A380)). But It works on iPad OS 16.1.

nguillot avatar Nov 08 '22 17:11 nguillot

Updating to latest version solved the issue!

sgiraldog avatar Nov 10 '22 13:11 sgiraldog