feat(auth): Cross-App-SSO via shared Keychain-Group ev.mana.session
Migriert die App auf die kanonische shared Keychain-Group `ManaSharedKeychainGroup` aus mana-swift-core. Alle nativen mana-e.V.-Apps (memoro, wordeck, nutriphi, herbatrium, zitare, seepuls, viadocu, manameme, werdrobe, pageta, comicello, moodlit) teilen damit ihren Auth-Token auf demselben Device — ein Login in einer App, alle anderen starten direkt im .signedIn-Status. Wichtig: für echtes Cross-App-Sharing müssen sowohl `keychainService` als auch `keychainAccessGroup` identisch sein (Keychain-Lookup-Tupel `(service, account, accessGroup)`) — beide jetzt auf `ManaSharedKeychainGroup`. Bestehender App-eigener Bucket (`ev.mana.<app>`) wird beim ersten Login mit dem neuen Token überschrieben; User in TestFlight-Apps brauchen einen Re-Login. Voraussetzung Apple-Dev-Portal (Tills manueller Schritt): - Capability "Keychain Sharing" für die App ID aktivieren - Group `ev.mana.session` hinzufügen - Provisioning-Profile neu downloaden (Xcode auto) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
parent
a59863487e
commit
19fee75c47
5 changed files with 16 additions and 4 deletions
|
|
@ -6,5 +6,9 @@
|
||||||
<array>
|
<array>
|
||||||
<string>group.ev.mana.wordeck</string>
|
<string>group.ev.mana.wordeck</string>
|
||||||
</array>
|
</array>
|
||||||
|
<key>keychain-access-groups</key>
|
||||||
|
<array>
|
||||||
|
<string>$(AppIdentifierPrefix)ev.mana.session</string>
|
||||||
|
</array>
|
||||||
</dict>
|
</dict>
|
||||||
</plist>
|
</plist>
|
||||||
|
|
|
||||||
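Review bot: The added `keychain-access-groups` entry gives this target (presumably one of the two extensions, since it had no keychain group before) full read and write access to the session token shared by every app in the group, and nothing visible here shows that it needs the token. The same block is added to the other entitlements file that previously lacked it and to the share-extension and widget targets in the project.yml hunks. Keychain access groups cannot be granted read-only, so if an extension only needs to know whether a user is signed in, consider leaving the group out there and publishing that state through the existing `group.ev.mana.wordeck` app group. If the token really is required, a comment above the key such as `<!-- shared SSO token group; needed because <reason> -->` would record the decision, and it is worth confirming that the token item is stored with an accessibility class a background widget refresh can read (for example `kSecAttrAccessibleAfterFirstUnlock`).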
|
|
@ -7,10 +7,10 @@ import ManaCore
|
||||||
enum AppConfig {
|
enum AppConfig {
|
||||||
static let manaAppConfig: ManaAppConfig = DefaultManaAppConfig(
|
static let manaAppConfig: ManaAppConfig = DefaultManaAppConfig(
|
||||||
authBaseURL: URL(string: "https://auth.mana.how")!,
|
authBaseURL: URL(string: "https://auth.mana.how")!,
|
||||||
keychainService: "ev.mana.wordeck",
|
keychainService: ManaSharedKeychainGroup,
|
||||||
// Explizit auf TeamID.BundleID, statt nil. Vermeidet Logout
|
// Explizit auf TeamID.BundleID, statt nil. Vermeidet Logout
|
||||||
// bei TestFlight-Cert-Drift (siehe mana-swift-core v1.5.1).
|
// bei TestFlight-Cert-Drift (siehe mana-swift-core v1.5.1).
|
||||||
keychainAccessGroup: "QP3GLU8PH3.ev.mana.wordeck",
|
keychainAccessGroup: ManaSharedKeychainGroup,
|
||||||
// Single-Source fuer den App-Group-String (App-Hülle + Widget
|
// Single-Source fuer den App-Group-String (App-Hülle + Widget
|
||||||
// + ShareExt-Entitlement spiegeln das hardcoded).
|
// + ShareExt-Entitlement spiegeln das hardcoded).
|
||||||
appGroup: "group.ev.mana.wordeck"
|
appGroup: "group.ev.mana.wordeck"
|
||||||
|
|
|
||||||
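Review bot: The comment kept above `keychainAccessGroup` still says the value is set explicitly to TeamID.BundleID, which stopped being true once the literal `"QP3GLU8PH3.ev.mana.wordeck"` was replaced by `ManaSharedKeychainGroup`; it should be reworded along the lines of `// Shared SSO group (ManaSharedKeychainGroup from mana-swift-core); must match keychain-access-groups in every entitlements file.` The constant is defined outside this page, so it is worth confirming that it resolves to the fully prefixed group, because the entitlements expand `$(AppIdentifierPrefix)ev.mana.session` and an access group passed without the team prefix is typically rejected with `errSecMissingEntitlement`. Reusing the same constant for `keychainService` works, but it couples the service name to the access-group string; a separately named service constant would make the two attributes easier to reason about. The enclosing `DefaultManaAppConfig(...)` call continues outside the hunk.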
|
|
@ -18,7 +18,7 @@
|
||||||
<true/>
|
<true/>
|
||||||
<key>keychain-access-groups</key>
|
<key>keychain-access-groups</key>
|
||||||
<array>
|
<array>
|
||||||
<string>$(AppIdentifierPrefix)ev.mana.wordeck</string>
|
<string>$(AppIdentifierPrefix)ev.mana.session</string>
|
||||||
</array>
|
</array>
|
||||||
</dict>
|
</dict>
|
||||||
</plist>
|
</plist>
|
||||||
|
|
|
||||||
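Review bot: Replacing `$(AppIdentifierPrefix)ev.mana.wordeck` with `$(AppIdentifierPrefix)ev.mana.session` makes the cross-app group the first entry in `keychain-access-groups`, and the first entry is the default group for any keychain item saved without an explicit group, so an unrelated app secret could end up readable by every app in the shared group. Keeping the app-specific entry first and adding the session group second, `<string>$(AppIdentifierPrefix)ev.mana.wordeck</string>` then `<string>$(AppIdentifierPrefix)ev.mana.session</string>`, avoids that; the first project.yml hunk makes the same replacement for the main target. Separately, the previous token was stored under the service `ev.mana.wordeck`, so a lookup under the new service and group probably creates a second item rather than replacing the old one. An explicit delete of the legacy item after migration would keep a stale credential from lingering in the keychain, unless ManaCore already does this.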
|
|
@ -6,5 +6,9 @@
|
||||||
<array>
|
<array>
|
||||||
<string>group.ev.mana.wordeck</string>
|
<string>group.ev.mana.wordeck</string>
|
||||||
</array>
|
</array>
|
||||||
|
<key>keychain-access-groups</key>
|
||||||
|
<array>
|
||||||
|
<string>$(AppIdentifierPrefix)ev.mana.session</string>
|
||||||
|
</array>
|
||||||
</dict>
|
</dict>
|
||||||
</plist>
|
</plist>
|
||||||
|
|
|
||||||
|
|
@ -88,7 +88,7 @@ targets:
|
||||||
com.apple.security.network.client: true
|
com.apple.security.network.client: true
|
||||||
com.apple.security.files.user-selected.read-write: true
|
com.apple.security.files.user-selected.read-write: true
|
||||||
keychain-access-groups:
|
keychain-access-groups:
|
||||||
- $(AppIdentifierPrefix)ev.mana.wordeck
|
- $(AppIdentifierPrefix)ev.mana.session
|
||||||
com.apple.developer.associated-domains:
|
com.apple.developer.associated-domains:
|
||||||
- applinks:wordeck.com
|
- applinks:wordeck.com
|
||||||
com.apple.security.application-groups:
|
com.apple.security.application-groups:
|
||||||
|
|
@ -126,6 +126,8 @@ targets:
|
||||||
entitlements:
|
entitlements:
|
||||||
path: ShareExtension/Resources/WordeckShareExtension.entitlements
|
path: ShareExtension/Resources/WordeckShareExtension.entitlements
|
||||||
properties:
|
properties:
|
||||||
|
keychain-access-groups:
|
||||||
|
- $(AppIdentifierPrefix)ev.mana.session
|
||||||
com.apple.security.application-groups:
|
com.apple.security.application-groups:
|
||||||
- group.ev.mana.wordeck
|
- group.ev.mana.wordeck
|
||||||
settings:
|
settings:
|
||||||
|
|
@ -154,6 +156,8 @@ targets:
|
||||||
entitlements:
|
entitlements:
|
||||||
path: Widgets/WordeckWidget/Resources/WordeckWidgetExtension.entitlements
|
path: Widgets/WordeckWidget/Resources/WordeckWidgetExtension.entitlements
|
||||||
properties:
|
properties:
|
||||||
|
keychain-access-groups:
|
||||||
|
- $(AppIdentifierPrefix)ev.mana.session
|
||||||
com.apple.security.application-groups:
|
com.apple.security.application-groups:
|
||||||
- group.ev.mana.wordeck
|
- group.ev.mana.wordeck
|
||||||
dependencies:
|
dependencies:
|
||||||
|
|
|
||||||
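Review bot: The group string `$(AppIdentifierPrefix)ev.mana.session` is now written out by hand in three targets of this file, in addition to the entitlements files, while the Swift side reads it from `ManaSharedKeychainGroup`. Nothing ties the copies together, and a mismatch would only surface at runtime as a failed keychain lookup. A comment on the first occurrence would help, for example `# shared SSO keychain group; must equal ManaSharedKeychainGroup in mana-swift-core`, and a build-time or CI check that compares the entitlements against that constant would catch drift earlier. Each `targets:` entry continues outside the hunks shown.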