[Auth] Synchronize 'TOTPSecret.openInOTPApp(withQRCodeURL:)' to main actor (#15067)

Co-authored-by: Morgan Chen <[email protected]>

Author: ncooke3

FirebaseAuth/CHANGELOG.md

@@ -7,6 +7,9 @@
 - [removed] **Breaking Change**: Remove deprecated Swift APIs using
   `String`-typed `productID`s that were  in favor of API that leverages the
   `AuthProviderID` enum. Note, this only affects Swift clients.
+- [changed] **Breaking Change**: `TOTPSecret.openInOTPApp(withQRCodeURL:)` is
+  now labeled with `@MainActor` and requires the `await` keyword when called
+  off of the main actor or main thread.
 
 # 11.15.0
 - [fixed] Fixed `Sendable` warnings introduced in the Xcode 26 beta. (#14996)

FirebaseAuth/Sources/Swift/MultiFactor/TOTP/TOTPSecret.swift

@@ -54,7 +54,7 @@ import Foundation
     ///
     /// See more details
     /// [here](https://developer.apple.com/documentation/authenticationservices/securing_logins_with_icloud_keychain_verification_codes)
-    @objc(openInOTPAppWithQRCodeURL:)
+    @MainActor @objc(openInOTPAppWithQRCodeURL:)
     open func openInOTPApp(withQRCodeURL qrCodeURL: String) {
       if GULAppEnvironmentUtil.isAppExtension() {
         // iOS App extensions should not call [UIApplication sharedApplication], even if

FirebaseAuth/Tests/Unit/SwiftAPI.swift

@@ -553,7 +553,7 @@ class AuthAPI_hOnlyTests: XCTestCase {
       let obj = try await TOTPMultiFactorGenerator.generateSecret(with: session)
       _ = obj.sharedSecretKey()
       _ = obj.generateQRCodeURL(withAccountName: "name", issuer: "issuer")
-      obj.openInOTPApp(withQRCodeURL: "url")
+      await obj.openInOTPApp(withQRCodeURL: "url")
     }
 
     func FIRTOTPMultiFactorGenerator_h(session: MultiFactorSession, secret: TOTPSecret) {