Use team player ID, game player ID and fetchItems for signature verification (#10441)

* Initial changes

* Update response

* Update FIRSignInWithGameCenterRequest.m

* Update FIRGameCenterAuthProvider.m

* Update FIRGameCenterAuthProvider.m

* Update FIRSignInWithGameCenterTests.m

Author: chuanr

FirebaseAuth/Sources/Auth/FIRAuth.m

@@ -790,6 +790,8 @@ - (void)signInAndRetrieveDataWithGameCenterCredential:(FIRGameCenterAuthCredenti
                                              callback:(FIRAuthDataResultCallback)callback {
   FIRSignInWithGameCenterRequest *request =
       [[FIRSignInWithGameCenterRequest alloc] initWithPlayerID:credential.playerID
+                                                  teamPlayerID:credential.teamPlayerID
+                                                  gamePlayerID:credential.gamePlayerID
                                                   publicKeyURL:credential.publicKeyURL
                                                      signature:credential.signature
                                                           salt:credential.salt

FirebaseAuth/Sources/AuthProvider/GameCenter/FIRGameCenterAuthCredential.h

@@ -29,6 +29,16 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(nonatomic, readonly) NSString *playerID;
 
+/** @property teamPlayerID
+    @brief The team player ID of the Game Center local player.
+ */
+@property(nonatomic, readonly) NSString *teamPlayerID;
+
+/** @property gamePlayerID
+    @brief The game player ID of the Game Center local player.
+ */
+@property(nonatomic, readonly) NSString *gamePlayerID;
+
 /** @property publicKeyURL
     @brief The URL for the public encryption key.
  */
@@ -63,6 +73,8 @@ NS_ASSUME_NONNULL_BEGIN
     @param displayName The display name of the Game Center player.
  */
 - (nullable instancetype)initWithPlayerID:(NSString *)playerID
+                             teamPlayerID:(nullable NSString *)teamPlayerID
+                             gamePlayerID:(nullable NSString *)gamePlayerID
                              publicKeyURL:(NSURL *)publicKeyURL
                                 signature:(NSData *)signature
                                      salt:(NSData *)salt

FirebaseAuth/Sources/AuthProvider/GameCenter/FIRGameCenterAuthCredential.m

@@ -33,6 +33,8 @@ - (nullable instancetype)initWithProvider:(NSString *)provider {
 }
 
 - (nullable instancetype)initWithPlayerID:(NSString *)playerID
+                             teamPlayerID:(nullable NSString *)teamPlayerID
+                             gamePlayerID:(nullable NSString *)gamePlayerID
                              publicKeyURL:(NSURL *)publicKeyURL
                                 signature:(NSData *)signature
                                      salt:(NSData *)salt
@@ -41,6 +43,8 @@ - (nullable instancetype)initWithPlayerID:(NSString *)playerID
   self = [super initWithProvider:FIRGameCenterAuthProviderID];
   if (self) {
     _playerID = [playerID copy];
+    _teamPlayerID = [teamPlayerID copy];
+    _gamePlayerID = [gamePlayerID copy];
     _publicKeyURL = [publicKeyURL copy];
     _signature = [signature copy];
     _salt = [salt copy];
@@ -64,12 +68,16 @@ + (BOOL)supportsSecureCoding {
 
 - (nullable instancetype)initWithCoder:(NSCoder *)aDecoder {
   NSString *playerID = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"playerID"];
+  NSString *teamPlayerID = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"teamPlayerID"];
+  NSString *gamePlayerID = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"gamePlayerID"];
   NSURL *publicKeyURL = [aDecoder decodeObjectOfClass:[NSURL class] forKey:@"publicKeyURL"];
   NSData *signature = [aDecoder decodeObjectOfClass:[NSData class] forKey:@"signature"];
   NSData *salt = [aDecoder decodeObjectOfClass:[NSData class] forKey:@"salt"];
   NSNumber *timestamp = [aDecoder decodeObjectOfClass:[NSNumber class] forKey:@"timestamp"];
   NSString *displayName = [aDecoder decodeObjectOfClass:[NSString class] forKey:@"displayName"];
   self = [self initWithPlayerID:playerID
+                   teamPlayerID:teamPlayerID
+                   gamePlayerID:gamePlayerID
                    publicKeyURL:publicKeyURL
                       signature:signature
                            salt:salt
@@ -80,6 +88,8 @@ - (nullable instancetype)initWithCoder:(NSCoder *)aDecoder {
 
 - (void)encodeWithCoder:(NSCoder *)aCoder {
   [aCoder encodeObject:self.playerID forKey:@"playerID"];
+  [aCoder encodeObject:self.teamPlayerID forKey:@"teamPlayerID"];
+  [aCoder encodeObject:self.gamePlayerID forKey:@"gamePlayerID"];
   [aCoder encodeObject:self.publicKeyURL forKey:@"publicKeyURL"];
   [aCoder encodeObject:self.signature forKey:@"signature"];
   [aCoder encodeObject:self.salt forKey:@"salt"];

FirebaseAuth/Sources/AuthProvider/GameCenter/FIRGameCenterAuthProvider.m

@@ -54,37 +54,61 @@ + (void)getCredentialWithCompletion:(FIRGameCenterCredentialCallback)completion
     }
     return;
   }
-
-  [localPlayer generateIdentityVerificationSignatureWithCompletionHandler:^(
-                   NSURL *publicKeyURL, NSData *signature, NSData *salt, uint64_t timestamp,
-                   NSError *error) {
-    if (error) {
-      if (completion) {
-        completion(nil, error);
-      }
-    } else {
-      if (completion) {
-        /**
-         @c `localPlayer.alias` is actually the displayname needed, instead of
-         `localPlayer.displayname`. For more information, check
-         https://developer.apple.com/documentation/gamekit/gkplayer
-         **/
-        NSString *displayName = localPlayer.alias;
-// iOS 13 deprecation
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+  if (@available(iOS 13.5, macOS 10.15.5, macCatalyst 13.5, tvOS 13.4.8, *)) {
+    [localPlayer fetchItemsForIdentityVerificationSignature:^(
+                     NSURL *_Nullable publicKeyURL, NSData *_Nullable signature,
+                     NSData *_Nullable salt, uint64_t timestamp, NSError *_Nullable error) {
+      if (error) {
+        if (completion) {
+          completion(nil, error);
+        }
+      } else {
         FIRGameCenterAuthCredential *credential =
             [[FIRGameCenterAuthCredential alloc] initWithPlayerID:localPlayer.playerID
+                                                     teamPlayerID:localPlayer.teamPlayerID
+                                                     gamePlayerID:localPlayer.gamePlayerID
                                                      publicKeyURL:publicKeyURL
                                                         signature:signature
                                                              salt:salt
                                                         timestamp:timestamp
-                                                      displayName:displayName];
-#pragma clang diagnostic pop
+                                                      displayName:localPlayer.displayName];
         completion(credential, nil);
       }
-    }
-  }];
+    }];
+  } else {
+    [localPlayer generateIdentityVerificationSignatureWithCompletionHandler:^(
+                     NSURL *publicKeyURL, NSData *signature, NSData *salt, uint64_t timestamp,
+                     NSError *error) {
+      if (error) {
+        if (completion) {
+          completion(nil, error);
+        }
+      } else {
+        if (completion) {
+          /**
+           @c `localPlayer.alias` is actually the displayname needed, instead of
+           `localPlayer.displayname`. For more information, check
+           https://developer.apple.com/documentation/gamekit/gkplayer
+           **/
+          NSString *displayName = localPlayer.alias;
+// iOS 13 deprecation
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+          FIRGameCenterAuthCredential *credential =
+              [[FIRGameCenterAuthCredential alloc] initWithPlayerID:localPlayer.playerID
+                                                       teamPlayerID:nil
+                                                       gamePlayerID:nil
+                                                       publicKeyURL:publicKeyURL
+                                                          signature:signature
+                                                               salt:salt
+                                                          timestamp:timestamp
+                                                        displayName:displayName];
+#pragma clang diagnostic pop
+          completion(credential, nil);
+        }
+      }
+    }];
+  }
 }
 
 @end

FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterRequest.h

@@ -31,6 +31,16 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(nonatomic, copy) NSString *playerID;
 
+/** @property teamPlayerID
+    @brief The team player ID of the Game Center local player.
+ */
+@property(nonatomic, readonly) NSString *teamPlayerID;
+
+/** @property gamePlayerID
+    @brief The game player ID of the Game Center local player.
+ */
+@property(nonatomic, readonly) NSString *gamePlayerID;
+
 /** @property publicKeyURL
     @brief The URL for the public encryption key.
  */
@@ -78,6 +88,8 @@ NS_ASSUME_NONNULL_BEGIN
     @param displayName The display name of the Game Center player.
  */
 - (nullable instancetype)initWithPlayerID:(NSString *)playerID
+                             teamPlayerID:(nullable NSString *)teamPlayerID
+                             gamePlayerID:(nullable NSString *)gamePlayerID
                              publicKeyURL:(NSURL *)publicKeyURL
                                 signature:(NSData *)signature
                                      salt:(NSData *)salt

FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterRequest.m

@@ -28,6 +28,8 @@
 @implementation FIRSignInWithGameCenterRequest
 
 - (nullable instancetype)initWithPlayerID:(NSString *)playerID
+                             teamPlayerID:(nullable NSString *)teamPlayerID
+                             gamePlayerID:(nullable NSString *)gamePlayerID
                              publicKeyURL:(NSURL *)publicKeyURL
                                 signature:(NSData *)signature
                                      salt:(NSData *)salt
@@ -38,6 +40,8 @@ - (nullable instancetype)initWithPlayerID:(NSString *)playerID
             requestConfiguration:requestConfiguration];
   if (self) {
     _playerID = playerID;
+    _teamPlayerID = [teamPlayerID copy];
+    _gamePlayerID = [gamePlayerID copy];
     _publicKeyURL = [publicKeyURL copy];
     _signature = [signature copy];
     _salt = [salt copy];
@@ -54,6 +58,12 @@ - (nullable id)unencodedHTTPRequestBodyWithError:(NSError *__autoreleasing _Null
   if (_playerID) {
     postBody[@"playerId"] = _playerID;
   }
+  if (_teamPlayerID) {
+    postBody[@"teamPlayerId"] = _teamPlayerID;
+  }
+  if (_gamePlayerID) {
+    postBody[@"gamePlayerId"] = _gamePlayerID;
+  }
   if (_publicKeyURL) {
     postBody[@"publicKeyUrl"] = _publicKeyURL.absoluteString;
   }

FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterResponse.h

@@ -44,6 +44,16 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property(nonatomic, copy, readonly, nullable) NSString *playerID;
 
+/** @property teamPlayerID
+    @breif @breif The verified team player ID.
+ */
+@property(nonatomic, copy, readonly, nullable) NSString *teamPlayerID;
+
+/** @property gamePlayerID
+    @breif @breif The verified game player ID.
+ */
+@property(nonatomic, copy, readonly, nullable) NSString *gamePlayerID;
+
 /** @property approximateExpirationDate
     @breif The approximate expiration date of the access token.
  */

FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterResponse.m

@@ -30,6 +30,8 @@ - (BOOL)setWithDictionary:(NSDictionary *)dictionary error:(NSError *_Nullable *
         [NSDate dateWithTimeIntervalSinceNow:[dictionary[@"expiresIn"] integerValue]];
   }
   _playerID = [dictionary[@"playerId"] copy];
+  _teamPlayerID = [dictionary[@"teamPlayerId"] copy];
+  _gamePlayerID = [dictionary[@"gamePlayerId"] copy];
   _isNewUser = [dictionary[@"isNewUser"] boolValue];
   _displayName = [dictionary[@"displayName"] copy];
   return YES;

FirebaseAuth/Sources/User/FIRUser.m

@@ -1181,6 +1181,8 @@ - (void)linkWithCredential:(FIRAuthCredential *)credential
         FIRAuthRequestConfiguration *requestConfiguration = self.auth.requestConfiguration;
         FIRSignInWithGameCenterRequest *gameCenterRequest = [[FIRSignInWithGameCenterRequest alloc]
                 initWithPlayerID:gameCenterCredential.playerID
+                    teamPlayerID:gameCenterCredential.teamPlayerID
+                    gamePlayerID:gameCenterCredential.gamePlayerID
                     publicKeyURL:gameCenterCredential.publicKeyURL
                        signature:gameCenterCredential.signature
                             salt:gameCenterCredential.salt

FirebaseAuth/Tests/Unit/FIRSignInWithGameCenterTests.m

@@ -78,6 +78,26 @@
  */
 static NSString *const kPlayerID = @"PLAYERID";
 
+/** @var kTeamPlayerIDKey
+    @brief The key of team player id.
+ */
+static NSString *const kTeamPlayerIDKey = @"teamPlayerId";
+
+/** @var kPlayerID
+    @brief The testing player id.
+ */
+static NSString *const kTeamPlayerID = @"TEAMPLAYERID";
+
+/** @var kGamePlayerIDKey
+    @brief The key of game player id.
+ */
+static NSString *const kGamePlayerIDKey = @"gamePlayerId";
+
+/** @var kGamePlayerID
+    @brief The testing game player id.
+ */
+static NSString *const kGamePlayerID = @"GAMEPLAYERID";
+
 /** @var kApproximateExpirationDateKey
     @brief The approximate expiration date key.
  */
@@ -198,6 +218,8 @@ - (void)testRequestResponseEncoding {
   NSData *salt = [[NSData alloc] initWithBase64EncodedString:kSalt options:0];
   FIRSignInWithGameCenterRequest *request =
       [[FIRSignInWithGameCenterRequest alloc] initWithPlayerID:kPlayerID
+                                                  teamPlayerID:kTeamPlayerID
+                                                  gamePlayerID:kGamePlayerID
                                                   publicKeyURL:[NSURL URLWithString:kPublicKeyURL]
                                                      signature:signature
                                                           salt:salt
@@ -221,6 +243,8 @@ - (void)testRequestResponseEncoding {
   XCTAssertEqualObjects(self.RPCIssuer.requestURL.absoluteString, kExpectedAPIURL);
   XCTAssertNotNil(self.RPCIssuer.decodedRequest);
   XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kPlayerIDKey], kPlayerID);
+  XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kTeamPlayerIDKey], kTeamPlayerID);
+  XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kGamePlayerIDKey], kGamePlayerID);
   XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kPublicKeyURLKey], kPublicKeyURL);
   XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kSignatureKey], kSignature);
   XCTAssertEqualObjects(self.RPCIssuer.decodedRequest[kSaltKey], kSalt);
@@ -234,6 +258,8 @@ - (void)testRequestResponseEncoding {
     @"refreshToken" : kRefreshToken,
     @"localId" : kLocalID,
     @"playerId" : kPlayerID,
+    @"teamPlayerId" : kTeamPlayerID,
+    @"gamePlayerId" : kGamePlayerID,
     @"expiresIn" : kApproximateExpirationDate,
     @"isNewUser" : [NSNumber numberWithBool:kIsNewUser],
     @"displayName" : kDisplayName,
@@ -246,6 +272,8 @@ - (void)testRequestResponseEncoding {
   XCTAssertEqualObjects(RPCResponse.refreshToken, kRefreshToken);
   XCTAssertEqualObjects(RPCResponse.localID, kLocalID);
   XCTAssertEqualObjects(RPCResponse.playerID, kPlayerID);
+  XCTAssertEqualObjects(RPCResponse.teamPlayerID, kTeamPlayerID);
+  XCTAssertEqualObjects(RPCResponse.gamePlayerID, kGamePlayerID);
   XCTAssertEqual(RPCResponse.isNewUser, kIsNewUser);
   XCTAssertEqualObjects(RPCResponse.displayName, kDisplayName);
 }