Firebase Auth TOTP support (#11261)

Added Time-based One Time Password MFA support.

Co-authored-by: pragatimodi <[email protected]>
Co-authored-by: Kevin Cheung <[email protected]>

Author: 3 people

FirebaseAuth/CHANGELOG.md

@@ -1,3 +1,6 @@
+# 10.12.0
+- [added] Added support to Firebase Auth to enroll and sign in a user with TOTP second factor.(#11261)
+
 # 10.8.0
 - [added] Added Firebase App Check support to Firebase Auth. (#11056)
 - [added] Added Sign in with Apple token revocation support. (#9906)

FirebaseAuth/Sources/AuthProvider/Phone/FIRPhoneAuthProvider.m

@@ -528,7 +528,7 @@ - (void)verifyClientAndSendVerificationCodeToPhoneNumber:(NSString *)phoneNumber
                                                   } else {
                                                     if (callback) {
                                                       callback(
-                                                          response.enrollmentResponse.sessionInfo,
+                                                          response.phoneSessionInfo.sessionInfo,
                                                           nil);
                                                     }
                                                   }

FirebaseAuth/Sources/Backend/FIRAuthBackend.m

@@ -74,6 +74,8 @@
 
 #import "FirebaseAuth/Sources/AuthProvider/Phone/FIRPhoneAuthCredential_Internal.h"
 #import "FirebaseAuth/Sources/MultiFactor/Phone/FIRPhoneMultiFactorInfo+Internal.h"
+#import "FirebaseAuth/Sources/MultiFactor/TOTP/FIRTOTPMultiFactorInfo.h"
+
 #endif
 
 NS_ASSUME_NONNULL_BEGIN
@@ -798,15 +800,25 @@ - (void)verifyAssertion:(FIRVerifyAssertionRequest *)request
                } else {
                  if (!response.IDToken && response.MFAInfo) {
 #if TARGET_OS_IOS
-                   NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfo = [NSMutableArray array];
+                   NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfoArray =
+                       [[NSMutableArray alloc] init];
                    for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
-                     FIRPhoneMultiFactorInfo *info =
-                         [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
-                     [multiFactorInfo addObject:info];
+                     if (MFAEnrollment.phoneInfo) {
+                       FIRMultiFactorInfo *multiFactorInfo =
+                           [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfoArray addObject:multiFactorInfo];
+                     } else if (MFAEnrollment.TOTPInfo) {
+                       FIRMultiFactorInfo *multiFactorInfo =
+                           [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfoArray addObject:multiFactorInfo];
+                     } else {
+                       FIRLogError(kFIRLoggerAuth, @"I-AUT000020",
+                                   @"Multifactor type is not supported");
+                     }
                    }
                    NSError *multiFactorRequiredError = [FIRAuthErrorUtils
                        secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
-                                                                hints:multiFactorInfo
+                                                                hints:multiFactorInfoArray
                                                                  auth:request.requestConfiguration
                                                                           .auth];
                    callback(nil, multiFactorRequiredError);
@@ -846,9 +858,19 @@ - (void)verifyPassword:(FIRVerifyPasswordRequest *)request
 #if TARGET_OS_IOS
                    NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfo = [NSMutableArray array];
                    for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
-                     FIRPhoneMultiFactorInfo *info =
-                         [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
-                     [multiFactorInfo addObject:info];
+                     // check which MFA factors are enabled.
+                     if (MFAEnrollment.phoneInfo != nil) {
+                       FIRPhoneMultiFactorInfo *info =
+                           [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfo addObject:info];
+                     } else if (MFAEnrollment.TOTPInfo != nil) {
+                       FIRTOTPMultiFactorInfo *info =
+                           [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfo addObject:info];
+                     } else {
+                       FIRLogError(kFIRLoggerAuth, @"I-AUT000021",
+                                   @"Multifactor type is not supported");
+                     }
                    }
                    NSError *multiFactorRequiredError = [FIRAuthErrorUtils
                        secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
@@ -876,15 +898,25 @@ - (void)emailLinkSignin:(FIREmailLinkSignInRequest *)request
                } else {
                  if (!response.IDToken && response.MFAInfo) {
 #if TARGET_OS_IOS
-                   NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfo = [NSMutableArray array];
+                   NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfoArray =
+                       [[NSMutableArray alloc] init];
                    for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
-                     FIRPhoneMultiFactorInfo *info =
-                         [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
-                     [multiFactorInfo addObject:info];
+                     if (MFAEnrollment.phoneInfo) {
+                       FIRMultiFactorInfo *multiFactorInfo =
+                           [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfoArray addObject:multiFactorInfo];
+                     } else if (MFAEnrollment.TOTPInfo) {
+                       FIRMultiFactorInfo *multiFactorInfo =
+                           [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
+                       [multiFactorInfoArray addObject:multiFactorInfo];
+                     } else {
+                       FIRLogError(kFIRLoggerAuth, @"I-AUT000022",
+                                   @"Multifactor type is not supported");
+                     }
                    }
                    NSError *multiFactorRequiredError = [FIRAuthErrorUtils
                        secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
-                                                                hints:multiFactorInfo
+                                                                hints:multiFactorInfoArray
                                                                  auth:request.requestConfiguration
                                                                           .auth];
                    callback(nil, multiFactorRequiredError);

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentRequest.h

@@ -17,6 +17,7 @@
 #import "FirebaseAuth/Sources/Backend/FIRAuthRPCRequest.h"
 #import "FirebaseAuth/Sources/Backend/FIRIdentityToolkitRequest.h"
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoFinalizeMFAPhoneRequestInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoFinalizeMFATOTPEnrollmentRequestInfo.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -25,13 +26,21 @@ NS_ASSUME_NONNULL_BEGIN
 @property(nonatomic, copy, readonly, nullable) NSString *IDToken;
 
 @property(nonatomic, copy, readonly, nullable) NSString *displayName;
-
 @property(nonatomic, copy, readonly, nullable)
-    FIRAuthProtoFinalizeMFAPhoneRequestInfo *verificationInfo;
+    FIRAuthProtoFinalizeMFAPhoneRequestInfo *phoneVerificationInfo;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoFinalizeMFATOTPEnrollmentRequestInfo *TOTPVerificationInfo;
+
+- (nullable instancetype)initWithIDToken:(NSString *)IDToken
+                             displayName:(NSString *)displayName
+                   phoneVerificationInfo:
+                       (FIRAuthProtoFinalizeMFAPhoneRequestInfo *)phoneVerificationInfo
+                    requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration;
 
 - (nullable instancetype)initWithIDToken:(NSString *)IDToken
                              displayName:(NSString *)displayName
-                        verificationInfo:(FIRAuthProtoFinalizeMFAPhoneRequestInfo *)verificationInfo
+                    TOTPVerificationInfo:
+                        (FIRAuthProtoFinalizeMFATOTPEnrollmentRequestInfo *)TOTPVerificationInfo
                     requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration;
 
 @end

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentRequest.m

@@ -16,6 +16,8 @@
 
 #import "FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentRequest.h"
 
+NS_ASSUME_NONNULL_BEGIN
+
 static NSString *const kFinalizeMFAEnrollmentEndPoint = @"accounts/mfaEnrollment:finalize";
 
 /** @var kTenantIDKey
@@ -27,7 +29,25 @@ @implementation FIRFinalizeMFAEnrollmentRequest
 
 - (nullable instancetype)initWithIDToken:(NSString *)IDToken
                              displayName:(NSString *)displayName
-                        verificationInfo:(FIRAuthProtoFinalizeMFAPhoneRequestInfo *)verificationInfo
+                   phoneVerificationInfo:
+                       (FIRAuthProtoFinalizeMFAPhoneRequestInfo *)phoneVerificationInfo
+                    requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration {
+  self = [super initWithEndpoint:kFinalizeMFAEnrollmentEndPoint
+            requestConfiguration:requestConfiguration
+             useIdentityPlatform:YES
+                      useStaging:NO];
+  if (self) {
+    _IDToken = IDToken;
+    _displayName = displayName;
+    _phoneVerificationInfo = phoneVerificationInfo;
+  }
+  return self;
+}
+
+- (nullable instancetype)initWithIDToken:(NSString *)IDToken
+                             displayName:(NSString *)displayName
+                    TOTPVerificationInfo:
+                        (FIRAuthProtoFinalizeMFATOTPEnrollmentRequestInfo *)TOTPVerificationInfo
                     requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration {
   self = [super initWithEndpoint:kFinalizeMFAEnrollmentEndPoint
             requestConfiguration:requestConfiguration
@@ -36,7 +56,7 @@ - (nullable instancetype)initWithIDToken:(NSString *)IDToken
   if (self) {
     _IDToken = IDToken;
     _displayName = displayName;
-    _verificationInfo = verificationInfo;
+    _TOTPVerificationInfo = TOTPVerificationInfo;
   }
   return self;
 }
@@ -49,10 +69,10 @@ - (nullable id)unencodedHTTPRequestBodyWithError:(NSError *__autoreleasing _Null
   if (_displayName) {
     postBody[@"displayName"] = _displayName;
   }
-  if (_verificationInfo) {
-    if ([_verificationInfo isKindOfClass:[FIRAuthProtoFinalizeMFAPhoneRequestInfo class]]) {
-      postBody[@"phoneVerificationInfo"] = [_verificationInfo dictionary];
-    }
+  if (_phoneVerificationInfo) {
+    postBody[@"phoneVerificationInfo"] = [_phoneVerificationInfo dictionary];
+  } else if (_TOTPVerificationInfo) {
+    postBody[@"totpVerificationInfo"] = [_TOTPVerificationInfo dictionary];
   }
   if (self.tenantID) {
     postBody[kTenantIDKey] = self.tenantID;
@@ -61,3 +81,5 @@ - (nullable id)unencodedHTTPRequestBodyWithError:(NSError *__autoreleasing _Null
 }
 
 @end
+
+NS_ASSUME_NONNULL_END

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentResponse.h

@@ -16,6 +16,7 @@
 
 #import "FirebaseAuth/Sources/Backend/FIRAuthRPCResponse.h"
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoFinalizeMFAPhoneResponseInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoFinalizeMFATOTPEnrollmentResponseInfo.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -24,6 +25,10 @@ NS_ASSUME_NONNULL_BEGIN
 @property(nonatomic, copy, readonly, nullable) NSString *IDToken;
 
 @property(nonatomic, copy, readonly, nullable) NSString *refreshToken;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoFinalizeMFAPhoneResponseInfo *phoneAuthInfo;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoFinalizeMFATOTPEnrollmentResponseInfo *TOTPAuthInfo;
 
 @end
 

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentResponse.m

@@ -15,15 +15,23 @@
  */
 
 #import "FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRFinalizeMFAEnrollmentResponse.h"
-
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoFinalizeMFAPhoneResponseInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoFinalizeMFATOTPEnrollmentResponseInfo.h"
 
 @implementation FIRFinalizeMFAEnrollmentResponse
 
 - (BOOL)setWithDictionary:(nonnull NSDictionary *)dictionary
                     error:(NSError *__autoreleasing _Nullable *_Nullable)error {
   _IDToken = [dictionary[@"idToken"] copy];
   _refreshToken = [dictionary[@"refreshToken"] copy];
+  if (dictionary[@"phoneAuthInfo"] != nil) {
+    NSDictionary *data = dictionary[@"phoneAuthInfo"];
+    _phoneAuthInfo = [[FIRAuthProtoFinalizeMFAPhoneResponseInfo alloc] initWithDictionary:data];
+  } else if (dictionary[@"totpAuthInfo"] != nil) {
+    NSDictionary *data = dictionary[@"totpAuthInfo"];
+    _TOTPAuthInfo =
+        [[FIRAuthProtoFinalizeMFATOTPEnrollmentResponseInfo alloc] initWithDictionary:data];
+  }
   return YES;
 }
 

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRStartMFAEnrollmentRequest.h

@@ -17,17 +17,25 @@
 #import "FirebaseAuth/Sources/Backend/FIRAuthRPCRequest.h"
 #import "FirebaseAuth/Sources/Backend/FIRIdentityToolkitRequest.h"
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoStartMFAPhoneRequestInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoStartMFATOTPEnrollmentRequestInfo.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
 @interface FIRStartMFAEnrollmentRequest : FIRIdentityToolkitRequest <FIRAuthRPCRequest>
 
 @property(nonatomic, copy, readonly, nullable) NSString *IDToken;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoStartMFAPhoneRequestInfo *phoneEnrollmentInfo;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoStartMFATOTPEnrollmentRequestInfo *TOTPEnrollmentInfo;
 
-@property(nonatomic, copy, readonly, nullable) FIRAuthProtoStartMFAPhoneRequestInfo *enrollmentInfo;
+- (nullable instancetype)initWithIDToken:(NSString *)IDToken
+                          enrollmentInfo:(FIRAuthProtoStartMFAPhoneRequestInfo *)phoneEnrollmentInfo
+                    requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration;
 
 - (nullable instancetype)initWithIDToken:(NSString *)IDToken
-                          enrollmentInfo:(FIRAuthProtoStartMFAPhoneRequestInfo *)enrollmentInfo
+                      TOTPEnrollmentInfo:
+                          (FIRAuthProtoStartMFATOTPEnrollmentRequestInfo *)TOTPEnrollmentInfo
                     requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration;
 
 @end

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRStartMFAEnrollmentRequest.m

@@ -15,8 +15,8 @@
  */
 
 #import "FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRStartMFAEnrollmentRequest.h"
-
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoStartMFAPhoneRequestInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoStartMFATOTPEnrollmentRequestInfo.h"
 
 static NSString *const kStartMFAEnrollmentEndPoint = @"accounts/mfaEnrollment:start";
 
@@ -28,15 +28,30 @@
 @implementation FIRStartMFAEnrollmentRequest
 
 - (nullable instancetype)initWithIDToken:(NSString *)IDToken
-                          enrollmentInfo:(FIRAuthProtoStartMFAPhoneRequestInfo *)enrollmentInfo
+                          enrollmentInfo:(FIRAuthProtoStartMFAPhoneRequestInfo *)phoneEnrollmentInfo
+                    requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration {
+  self = [super initWithEndpoint:kStartMFAEnrollmentEndPoint
+            requestConfiguration:requestConfiguration
+             useIdentityPlatform:YES
+                      useStaging:NO];
+  if (self) {
+    _IDToken = IDToken;
+    _phoneEnrollmentInfo = phoneEnrollmentInfo;
+  }
+  return self;
+}
+
+- (nullable instancetype)initWithIDToken:(NSString *)IDToken
+                      TOTPEnrollmentInfo:
+                          (FIRAuthProtoStartMFATOTPEnrollmentRequestInfo *)TOTPEnrollmentInfo
                     requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration {
   self = [super initWithEndpoint:kStartMFAEnrollmentEndPoint
             requestConfiguration:requestConfiguration
              useIdentityPlatform:YES
                       useStaging:NO];
   if (self) {
     _IDToken = IDToken;
-    _enrollmentInfo = enrollmentInfo;
+    _TOTPEnrollmentInfo = TOTPEnrollmentInfo;
   }
   return self;
 }
@@ -46,10 +61,10 @@ - (nullable id)unencodedHTTPRequestBodyWithError:(NSError *__autoreleasing _Null
   if (_IDToken) {
     postBody[@"idToken"] = _IDToken;
   }
-  if (_enrollmentInfo) {
-    if ([_enrollmentInfo isKindOfClass:[FIRAuthProtoStartMFAPhoneRequestInfo class]]) {
-      postBody[@"phoneEnrollmentInfo"] = [_enrollmentInfo dictionary];
-    }
+  if (_phoneEnrollmentInfo) {
+    postBody[@"phoneEnrollmentInfo"] = [_phoneEnrollmentInfo dictionary];
+  } else if (_TOTPEnrollmentInfo) {
+    postBody[@"totpEnrollmentInfo"] = [_TOTPEnrollmentInfo dictionary];
   }
   if (self.tenantID) {
     postBody[kTenantIDKey] = self.tenantID;

FirebaseAuth/Sources/Backend/RPC/MultiFactor/Enroll/FIRStartMFAEnrollmentResponse.h

@@ -16,13 +16,15 @@
 
 #import "FirebaseAuth/Sources/Backend/FIRAuthRPCResponse.h"
 #import "FirebaseAuth/Sources/Backend/RPC/Proto/Phone/FIRAuthProtoStartMFAPhoneResponseInfo.h"
+#import "FirebaseAuth/Sources/Backend/RPC/Proto/TOTP/FIRAuthProtoStartMFATOTPEnrollmentResponseInfo.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
 @interface FIRStartMFAEnrollmentResponse : NSObject <FIRAuthRPCResponse>
-
 @property(nonatomic, copy, readonly, nullable)
-    FIRAuthProtoStartMFAPhoneResponseInfo *enrollmentResponse;
+    FIRAuthProtoStartMFAPhoneResponseInfo *phoneSessionInfo;
+@property(nonatomic, copy, readonly, nullable)
+    FIRAuthProtoStartMFATOTPEnrollmentResponseInfo *TOTPSessionInfo;
 
 @end