Enable Keychain Sharing for App Extensions

[bdhazman]

Is your feature request related to a problem? Please describe.

Amplify manages user authentication and credentials but while Amplify functionality (including authentication) can be used in App Extensions such as Share Extensions, authentication sessions are not shared between apps and their app extensions. This is a problem for developers who want to use the Amplify library for managing iOS authentication to their services but also build software that extends the functionality of their application with app extensions. (examples of feature request: 1, 2)

Describe the solution you'd like

An ideal solution is allowing for cross-app authentication by taking advantage of Apple's 'shared keychain' through keychain access groups in a manner similar to how Firebase does. Allowing developers to choose the keychain group their application uses would allow them to support cross-app authentication including App Extensions.

Amplify already relies on iOS's keychain so implementing this change would be a matter of making changes to how Amplify accesses and writes credentials to the system's keychain.

Making this change would give developers the opportunity to build suites of apps that require only one log in and extend functionality of their apps through deeper iOS integration with extensions such as Share Extensions and widgets.

Describe alternatives you've considered

Alternatives to this feature can result in poor user experiences or less secure workarounds.

• Developers can require users to re-authenticate in app extensions or apps that could share authentication sessions but this can create more friction for users resulting in a poor user experience.
• A workaround developers could take is to insecurely store auth tokens or credentials and pass them between apps (example: 1, 2) and app extensions or app groups but this isn't as secure as relying solely on the keychain in all apps/extensions.

I am open to hearing any other suggested alternatives for accessing existing authentication sessions in extensions of apps.

Is the feature request related to any of the existing Amplify categories?

Auth

Additional context

I am happy to provide contributions similar to what has been done here in order to build this feature into Amplify's Swift/iOS library.

[cobywinfield]

+1

[github-actions]

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!

[royjit]

We are looking into this internally and will get back to you when we have more information.

[ekurutepe]

Is there any update on this one? We'd like to have a secure way to share the Auth tokens between our app and share extension as well.

[ekurutepe]

I added support for this in the PR above ^^^

[harsh62]

@ekurutepe Thanks for your contribution. Sorry for the delay.
I left a comment on #2770

[royjit]

PR require a detailed review and design, Amplify team will update here when we move forward with this.