堆栈内存溢出
  简体   繁体   English

App Transfer Keychain Loss:用户注销的解决方案

[英]App Transfer Keychain Loss: Solutions to users logging out

 原文  2020-08-17 01:32:27       ios/ firebase-authentication/ keychain/ app-transfer

问题描述

I transferred an app to a new developer account.我将一个应用转移到一个新的开发者帐户。 When I upload a build from the new developer account and deploy it through Testflight, I encounter that my users logged out from the app.当我从新的开发人员帐户上传构建并通过 Testflight 部署它时,我遇到我的用户从应用程序中注销。

I think this is due to the Keychain Loss, because the Team ID changed.我认为这是由于钥匙串丢失,因为Team ID发生了变化。 So, I contacted Apple, and they said that there is no way to have access to the old Keychain in the new developer account, but that I could transfer the app back to my old developer account.所以,我联系了苹果,他们说没有办法在新的开发者帐户中访问旧的钥匙串,但我可以将应用程序转移回我的旧开发者帐户。

This is really bad for us, since we have user-created data in the device that gets lost on logout.这对我们来说真的很糟糕,因为我们在设备中有用户创建的数据会在注销时丢失。 We also have anonymous users, and they can't even regain access to their accounts because there are no credentials to login.我们也有匿名用户,他们甚至无法重新获得对其帐户的访问权限,因为没有登录凭据。 This is not acceptable to us because we would be losing user data, but we also need to transfer the app to the new developer account... So we are trying to find possible solutions.这对我们来说是不可接受的,因为我们会丢失用户数据,但我们还需要将应用程序转移到新的开发者帐户......所以我们正在努力寻找可能的解决方案。

Possible Solution #1可能的解决方案#1

Far from ideal: keep using the old developer account for a month, for example, and show an alert saying something like:远非理想:例如,继续使用旧的开发者帐户一个月,并显示一条警报,内容如下:

Please save/backup all your data and signup (if you have an anonymous account) because all unsaved data will be lost on the [todays date + 1 month] due to a migration.请保存/备份您的所有数据和注册(如果您有匿名帐户),因为所有未保存的数据将在 [今天日期 + 1 个月] 由于迁移而丢失。 Sorry for the inconvenience.带来不便敬请谅解。

After a month, we transfer again to the new developer account.一个月后,我们再次转移到新的开发者帐户。 Users that didn't see the message in that month or didn't save data, bye bye data… terrible.当月没有看到消息或没有保存数据的用户,再见数据……太糟糕了。

Possible Solution #2可能的解决方案#2

I'm not sure if Firebase Auth iOS SDK has the APIs to do something like this:我不确定 Firebase Auth iOS SDK 是否具有执行以下操作的 API:

  1. Transfer the app back again to the old developer account再次将应用转移回旧的开发者帐户
  2. Upload a new build from there that saves the Firebase Authentication State (eg the token) temporarily in a file (I know it's insecure... maybe I could encrypt it)从那里上传一个新版本,将 Firebase Authentication State (例如令牌)暂时保存在一个文件中(我知道它不安全......也许我可以加密它)
  3. Transfer the app back again to the new developer account再次将应用转移回新的开发者帐户
  4. Upload a new build that checks if that file exists, and copies the Auth State into the Firebase Auth SDK again.上传一个新版本来检查该文件是否存在,然后将 Auth State 再次复制到 Firebase Auth SDK 中。 This way the user is still logged in as if nothing happened.这样,用户仍然可以登录,就好像什么都没发生一样。

This second solution is kind of insecure, complicated and difficult to test, but from the user point of view, it would be more ideal than the first solution (if everything goes well).第二种解决方案有点不安全、复杂且难以测试,但从用户的角度来看,它会比第一种解决方案更理想(如果一切顺利的话)。

So, specifically my questions are:所以,特别是我的问题是:

  1. Would solution #2 be possible with Firebase Auth?使用 Firebase Auth 可以解决方案#2 吗?
  2. Does anyone have more ideas on how to approach this?有没有人对如何解决这个问题有更多想法? I guess that transferring apps (with login) is a common use case!我想传输应用程序(通过登录)是一个常见的用例!

We currently only use Anonymous & Email/Password authentication methods.我们目前仅使用匿名和电子邮件/密码身份验证方法。

Thanks!谢谢!

2 个解决方案

解决方案1
 1 已采纳  2020-10-01 23:21:20

So, I didn't find an ideal solution.所以,我没有找到理想的解决方案。

I ended up doing a mix of solutions #1 and #2:我最终混合了解决方案#1和#2:

  1. I transferred the app back to the old apple account我将应用程序转移回旧的苹果帐户

  2. I uploaded a new build that:我上传了一个新版本:

     a. extracts keychain data (which has login credentials and other stuff) b. encrypts this data (I used CryptoSwift) c. saves it into a file in the documents directory

  3. Waited 1-2 months so users can open the app to perform this first part of the migration等待 1-2 个月,以便用户可以打开应用程序来执行迁移的第一部分

  4. While waiting, we sent emails and push notifications asking users to backup their data, saying that a big migration was coming soon, with the excuse that we "grew" a lot lately and we were scaling stuff:P在等待期间,我们发送电子邮件和推送通知,要求用户备份他们的数据,并说即将进行大规模迁移,借口是我们最近“增长”了很多并且我们正在扩展东西:P

  5. Transferred the app to the new apple account将应用转移到新的苹果账户

  6. I uploaded a new build that:我上传了一个新版本:

     a. checks if the migration file exists (in the documents directory) b. if exists, read the migration file and decrypts data c. puts this data into the keychain (which is empty after app transfer) d. deletes the migration file from the documents directory

  7. Left this migration code for some more months so people open the app and perform migration将此迁移代码保留几个月,以便人们打开应用程序并执行迁移

  8. Delete code, migration period is over.删除代码,迁移期结束。

I sent logs to the backend to see if migrations were successful or not.我将日志发送到后端以查看迁移是否成功。 So far, users are all migrating correctly.到目前为止,用户都在正确迁移。

There are still cases where users could lose their data, for example, when anonymous users didn't perform the first part of the migration.仍然存在用户可能丢失数据的情况,例如,匿名用户未执行迁移的第一部分时。 But I can't think of a better solution... so far data loss is minimal.但我想不出更好的解决方案......到目前为止,数据丢失是最小的。 But it also took us some time to get things right and do all the proper testing.但我们也花了一些时间来把事情做好并进行所有适当的测试。

If someone in the future has a better solution to this issue, please let me know.!如果将来有人对此问题有更好的解决方案,请告诉我。! I'm curious.我很好奇。

I hope the answer helps someone.我希望答案对某人有所帮助。

解决方案2
 0  2020-08-17 01:59:56

I think the Apple rep was wrong.我认为苹果代表错了。 Your keychain is tied to a bundle ID, not a Team ID.您的钥匙串与捆绑 ID 绑定,而不是团队 ID。

Suppose for example that you transferred SomeApp from the original app owner, OldCo, to NewCo.例如,假设您将 SomeApp 从原始应用所有者 OldCo 转移到 NewCo。 The app comprises a custom keyboard, the actual SomeApp app, and an App Group.该应用程序包括一个自定义键盘、实际的 SomeApp 应用程序和一个应用程序组。 You have some Identifiers set up on developer.apple.com:您在 developer.apple.com 上设置了一些标识符:

App ID:
   com.OldCo.SomeApp
   com.OldCo.SomeApp.keyboard
App Group ID:
   com.OldCo.SomeAppGroup

If you change these to start with com.NewCo.如果您将这些更改为从com.NewCo. , users will lose their iCloud data. ,用户将丢失他们的 iCloud 数据。 But if you leave them as com.OldCo.但是,如果您将它们保留为com.OldCo. , all should be well. ,一切都应该很好。 Note that for you to create these IDs in NewCo's developer.apple.com account, OldCo will have to remove them from their account.请注意,要在 NewCo 的 developer.apple.com 帐户中创建这些 ID,OldCo 必须将它们从其帐户中删除。 It feels weird to have NewCo owning IDs with OldCo in them, but life is weird.让 NewCo 拥有带有 OldCo 的 ID 感觉很奇怪,但生活很奇怪。

If I'm missing some nuance whereby the change in TeamID affects the keychain, please let me know, and I'll do more research.如果我遗漏了一些细微差别,即 TeamID 的更改会影响钥匙串,请告诉我,我会做更多的研究。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apple推送通知,注销应用程序并删除应用程序问题/解决方案 - Apple Push notification, logging out app and deleting app problems/solutions 应用商店提交成功但钥匙串警告丢失 - app store submit success but loss of keychain warning 在iOS应用中登录和注销 - Logging in and logging out in an iOS app 如何在应用程序转移到新帐户后解决钥匙串访问警告 - How to solve keychain access warning after app transfer to new account 将钥匙串共享添加到已有用户的生产应用程序 - Adding keychain sharing to production app that already has users 处理多个用户的内容并注销消息传递应用程序(与数据保护有关) - Handling multiple users' content and logging out for a messaging app (data protection related) 用户可以清除钥匙串吗? - Can users clear the keychain? 将已转移的应用程序连接到iTunes,尝试更新应用程序,可能丢失钥匙串访问 - Transferred apps to itunes connect, trying to update app, Potential Loss of Keychain Access 如何从其他帐户在已转移的应用程序上上传新版本,可能会丢失钥匙串访问 - How to upload a new version on transferred app from other account ,Potential loss of keychain access iPhone应用程式经常登出 - iphone app is logging out frequently
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM