Create buildable branch for Swift 6 and Xcode 16+

Firebase.podspec

@@ -28,7 +28,7 @@ Simplify your app development, grow your user base, and monetize more effectivel
 
   s.cocoapods_version = '>= 1.12.0'
 
-  s.swift_version = '5.9'
+  s.swift_version = '6.0'
 
   s.default_subspec = 'Core'
 

FirebaseABTesting.podspec

@@ -35,7 +35,7 @@ Firebase Cloud Messaging and Firebase Remote Config in your app.
   s.cocoapods_version = '>= 1.12.0'
   s.prefix_header_file = false
 
-  s.swift_version = '5.9'
+  s.swift_version = '6.0'
 
   base_dir = "FirebaseABTesting/Sources/"
   s.source_files = [

FirebaseAnalytics.podspec

@@ -17,7 +17,7 @@ Pod::Spec.new do |s|
     }
 
     s.cocoapods_version = '>= 1.12.0'
-    s.swift_version     = '5.9'
+    s.swift_version     = '6.0'
 
     s.ios.deployment_target  = '12.0'
     s.osx.deployment_target  = '10.15'

FirebaseAppCheck.podspec

@@ -22,7 +22,7 @@ Pod::Spec.new do |s|
   tvos_deployment_target = '13.0'
   watchos_deployment_target = '7.0'
 
-  s.swift_version = '5.9'
+  s.swift_version = '6.0'
 
   s.ios.deployment_target = ios_deployment_target
   s.osx.deployment_target = osx_deployment_target

FirebaseAppDistribution.podspec

@@ -17,7 +17,7 @@ iOS SDK for App Distribution for Firebase.
 
   s.ios.deployment_target = '13.0'
 
-  s.swift_version = '5.9'
+  s.swift_version = '6.0'
 
   s.cocoapods_version = '>= 1.12.0'
   s.prefix_header_file = false

FirebaseAuth.podspec

@@ -24,7 +24,7 @@ supports email and password accounts, as well as several 3rd party authenticatio
   tvos_deployment_target = '13.0'
   watchos_deployment_target = '7.0'
 
-  s.swift_version = '5.9'
+  s.swift_version = '6.0'
 
   s.ios.deployment_target = ios_deployment_target
   s.osx.deployment_target = osx_deployment_target

FirebaseAuth/CHANGELOG.md

@@ -1,3 +1,6 @@
+# Unreleased
+- [fixed] Replaced unsafe uses of `os_unfair_lock` (#14548).
+
 # 11.12.0
 - [fixed] Fix a `fatalError` unenrolling from MFA. An invalid user token now throws an
   `invalidUserToken` error instead of crashing. (#14663)

FirebaseAuth/Interop/Public/FirebaseAuthInterop/FIRAuthInterop.h

@@ -28,13 +28,12 @@ typedef void (^FIRTokenCallback)(NSString *_Nullable_result token, NSError *_Nul
     NS_SWIFT_UNAVAILABLE("Use Swift's closure syntax instead.");
 
 /// Common methods for Auth interoperability.
-NS_SWIFT_NAME(AuthInterop)
-@protocol FIRAuthInterop
+NS_SWIFT_NAME(AuthInterop) NS_SWIFT_SENDABLE @protocol FIRAuthInterop
 
 /// Retrieves the Firebase authentication token, possibly refreshing it if it has expired.
 - (void)getTokenForcingRefresh:(BOOL)forceRefresh
-                  withCallback:
-                      (void (^)(NSString *_Nullable_result token, NSError *_Nullable error))callback
+                  withCallback:(void (^NS_SWIFT_UI_ACTOR)(NSString *_Nullable_result token,
+                                                          NSError *_Nullable error))callback
     NS_SWIFT_NAME(getToken(forcingRefresh:completion:));
 
 /// Get the current Auth user's UID. Returns nil if there is no user signed in.

FirebaseAuth/Sources/Swift/Auth/AuthComponent.swift

@@ -18,6 +18,7 @@ import FirebaseAppCheckInterop
 import FirebaseAuthInterop
 import FirebaseCore
 import FirebaseCoreExtension
+import FirebaseCoreInternal
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
 @objc(FIRAuthComponent)
@@ -33,7 +34,7 @@ class AuthComponent: NSObject, Library, ComponentLifecycleMaintainer {
   private var instances: [String: Auth] = [:]
 
   /// Lock to manage access to the instances array to avoid race conditions.
-  private var instancesLock: os_unfair_lock = .init()
+  private let instancesLock: FirebaseCoreInternal.FIRAllocatedUnfairLock<Void> = .init()
 
   // MARK: - Initializers
 
@@ -58,10 +59,10 @@ class AuthComponent: NSObject, Library, ComponentLifecycleMaintainer {
   // MARK: - AuthProvider conformance
 
   @discardableResult func auth() -> Auth {
-    os_unfair_lock_lock(&instancesLock)
+    instancesLock.lock()
 
     // Unlock before the function returns.
-    defer { os_unfair_lock_unlock(&instancesLock) }
+    defer { instancesLock.unlock() }
 
     if let instance = instances[app.name] {
       return instance

FirebaseAuth/Sources/Swift/Auth/AuthDataResult.swift

@@ -22,7 +22,8 @@ extension AuthDataResult: NSSecureCoding {}
 ///
 /// It contains references to a `User` instance and an `AdditionalUserInfo` instance.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-@objc(FIRAuthDataResult) open class AuthDataResult: NSObject {
+@objc(FIRAuthDataResult) open class AuthDataResult: NSObject,
+  @unchecked Sendable /* TODO: sendable */ {
   /// The signed in user.
   @objc public let user: User
 

FirebaseAuth/Sources/Swift/Auth/AuthTokenResult.swift

@@ -20,7 +20,8 @@ extension AuthTokenResult: NSSecureCoding {}
 /// A data class containing the ID token JWT string and other properties associated with the
 /// token including the decoded payload claims.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-@objc(FIRAuthTokenResult) open class AuthTokenResult: NSObject {
+@objc(FIRAuthTokenResult) open class AuthTokenResult: NSObject,
+  @unchecked Sendable /* TODO: sendable */ {
   /// Stores the JWT string of the ID token.
   @objc open var token: String
 

FirebaseAuth/Sources/Swift/AuthProvider/FederatedAuthProvider.swift

@@ -16,7 +16,7 @@ import Foundation
 
 /// Utility type for constructing federated auth provider credentials.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-@objc(FIRFederatedAuthProvider) public protocol FederatedAuthProvider: NSObjectProtocol {
+@objc(FIRFederatedAuthProvider) public protocol FederatedAuthProvider: NSObjectProtocol, Sendable {
   #if os(iOS)
 
     /// Used to obtain an auth credential via a mobile web flow.

FirebaseAuth/Sources/Swift/AuthProvider/OAuthProvider.swift

@@ -17,7 +17,8 @@ import Foundation
 
 /// Utility class for constructing OAuth Sign In credentials.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-@objc(FIROAuthProvider) open class OAuthProvider: NSObject, FederatedAuthProvider {
+@objc(FIROAuthProvider) open class OAuthProvider: NSObject, FederatedAuthProvider,
+  @unchecked Sendable /* TODO: sendable */ {
   @objc public static let id = "OAuth"
 
   /// Array used to configure the OAuth scopes.
@@ -268,7 +269,7 @@ import Foundation
     /// - Parameter completion: Optionally; a block which is invoked asynchronously on the main
     /// thread when the mobile web flow is completed.
     open func getCredentialWith(_ uiDelegate: AuthUIDelegate?,
-                                completion: ((AuthCredential?, Error?) -> Void)? = nil) {
+                                completion: (@MainActor (AuthCredential?, Error?) -> Void)? = nil) {
       guard let urlTypes = auth.mainBundleUrlTypes,
             AuthWebUtils.isCallbackSchemeRegistered(forCustomURLScheme: callbackScheme,
                                                     urlTypes: urlTypes) else {
@@ -281,13 +282,12 @@ import Foundation
         let eventID = AuthWebUtils.randomString(withLength: 10)
         let sessionID = AuthWebUtils.randomString(withLength: 10)
 
-        let callbackOnMainThread: ((AuthCredential?, Error?) -> Void) = { credential, error in
-          if let completion {
-            DispatchQueue.main.async {
+        let callbackOnMainThread: (@MainActor (AuthCredential?, Error?) -> Void) =
+          { credential, error in
+            if let completion {
               completion(credential, error)
             }
           }
-        }
         Task {
           do {
             guard let headfulLiteURL = try await self.getHeadfulLiteUrl(eventID: eventID,
@@ -296,15 +296,15 @@ import Foundation
                 "FirebaseAuth Internal Error: Both error and headfulLiteURL return are nil"
               )
             }
-            let callbackMatcher: (URL?) -> Bool = { callbackURL in
+            let callbackMatcher: @Sendable (URL?) -> Bool = { callbackURL in
               AuthWebUtils.isExpectedCallbackURL(callbackURL,
                                                  eventID: eventID,
                                                  authType: "signInWithRedirect",
                                                  callbackScheme: self.callbackScheme)
             }
-            self.auth.authURLPresenter.present(headfulLiteURL,
-                                               uiDelegate: uiDelegate,
-                                               callbackMatcher: callbackMatcher) { callbackURL, error in
+            await self.auth.authURLPresenter.present(headfulLiteURL,
+                                                     uiDelegate: uiDelegate,
+                                                     callbackMatcher: callbackMatcher) { callbackURL, error in
               if let error {
                 callbackOnMainThread(nil, error)
                 return
@@ -328,7 +328,7 @@ import Foundation
               callbackOnMainThread(credential, nil)
             }
           } catch {
-            callbackOnMainThread(nil, error)
+            await callbackOnMainThread(nil, error)
           }
         }
       }

FirebaseAuth/Sources/Swift/AuthProvider/PhoneAuthProvider.swift

@@ -19,7 +19,8 @@ import Foundation
 ///
 /// This class is available on iOS only.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-@objc(FIRPhoneAuthProvider) open class PhoneAuthProvider: NSObject {
+@objc(FIRPhoneAuthProvider) open class PhoneAuthProvider: NSObject,
+  @unchecked Sendable /* TODO: sendable */ {
   /// A string constant identifying the phone identity provider.
   @objc public static let id = "phone"
   private static let recaptchaVersion = "RECAPTCHA_ENTERPRISE"
@@ -56,7 +57,7 @@ import Foundation
     @objc(verifyPhoneNumber:UIDelegate:completion:)
     open func verifyPhoneNumber(_ phoneNumber: String,
                                 uiDelegate: AuthUIDelegate? = nil,
-                                completion: ((_: String?, _: Error?) -> Void)?) {
+                                completion: (@Sendable (_: String?, _: Error?) -> Void)?) {
       verifyPhoneNumber(phoneNumber,
                         uiDelegate: uiDelegate,
                         multiFactorSession: nil,
@@ -75,7 +76,7 @@ import Foundation
     open func verifyPhoneNumber(_ phoneNumber: String,
                                 uiDelegate: AuthUIDelegate? = nil,
                                 multiFactorSession: MultiFactorSession? = nil,
-                                completion: ((_: String?, _: Error?) -> Void)?) {
+                                completion: (@Sendable (String?, Error?) -> Void)?) {
       Task {
         do {
           let verificationID = try await verifyPhoneNumber(
@@ -135,7 +136,7 @@ import Foundation
     open func verifyPhoneNumber(with multiFactorInfo: PhoneMultiFactorInfo,
                                 uiDelegate: AuthUIDelegate? = nil,
                                 multiFactorSession: MultiFactorSession?,
-                                completion: ((_: String?, _: Error?) -> Void)?) {
+                                completion: (@Sendable (String?, Error?) -> Void)?) {
       Task {
         do {
           let verificationID = try await verifyPhoneNumber(
@@ -531,7 +532,7 @@ import Foundation
           "Internal error: reCAPTCHAURL returned neither a value nor an error. Report issue"
         )
       }
-      let callbackMatcher: (URL?) -> Bool = { callbackURL in
+      let callbackMatcher: @Sendable (URL?) -> Bool = { callbackURL in
         AuthWebUtils.isExpectedCallbackURL(
           callbackURL,
           eventID: eventID,
@@ -540,17 +541,19 @@ import Foundation
         )
       }
 
-      return try await withUnsafeThrowingContinuation { continuation in
-        self.auth.authURLPresenter.present(url,
-                                           uiDelegate: uiDelegate,
-                                           callbackMatcher: callbackMatcher) { callbackURL, error in
-          if let error {
-            continuation.resume(throwing: error)
-          } else {
-            do {
-              try continuation.resume(returning: self.reCAPTCHAToken(forURL: callbackURL))
-            } catch {
+      return try await withCheckedThrowingContinuation { continuation in
+        DispatchQueue.main.async {
+          self.auth.authURLPresenter.present(url,
+                                             uiDelegate: uiDelegate,
+                                             callbackMatcher: callbackMatcher) { callbackURL, error in
+            if let error {
               continuation.resume(throwing: error)
+            } else {
+              do {
+                try continuation.resume(returning: self.reCAPTCHAToken(forURL: callbackURL))
+              } catch {
+                continuation.resume(throwing: error)
+              }
             }
           }
         }

FirebaseAuth/Sources/Swift/Backend/AuthBackend.swift

@@ -23,7 +23,7 @@ import Foundation
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
 protocol AuthBackendProtocol: Sendable {
-  func call<T: AuthRPCRequest>(with request: T) async throws -> T.Response
+  func call<T: AuthRPCRequest>(with request: sending T) async throws -> T.Response
 }
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
@@ -48,7 +48,7 @@ final class AuthBackend: AuthBackendProtocol {
   /// * See FIRAuthInternalErrorCodeRPCResponseDecodingError
   /// - Parameter request: The request.
   /// - Returns: The response.
-  func call<T: AuthRPCRequest>(with request: T) async throws -> T.Response {
+  func call<T: AuthRPCRequest>(with request: sending T) async throws -> T.Response {
     let response = try await callInternal(with: request)
     if let auth = request.requestConfiguration().auth,
        let mfaError = Self.generateMFAError(response: response, auth: auth) {

FirebaseAuth/Sources/Swift/Backend/AuthRPCRequest.swift

@@ -16,7 +16,7 @@ import Foundation
 
 /// The generic interface for an RPC request needed by AuthBackend.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-protocol AuthRPCRequest {
+protocol AuthRPCRequest: Sendable {
   associatedtype Response: AuthRPCResponse
 
   /// Gets the request's full URL.

FirebaseAuth/Sources/Swift/Backend/AuthRequestConfiguration.swift

@@ -19,7 +19,7 @@ import FirebaseCoreExtension
 
 /// Defines configurations to be added to a request to Firebase Auth's backend.
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-final class AuthRequestConfiguration {
+final class AuthRequestConfiguration: @unchecked Sendable /* TODO: sendable */ {
   /// The Firebase Auth API key used in the request.
   let apiKey: String
 

FirebaseAuth/Sources/Swift/Backend/RPC/CreateAuthURIRequest.swift

@@ -44,7 +44,8 @@ private let kTenantIDKey = "tenantId"
 /// Represents the parameters for the createAuthUri endpoint.
 /// See https://developers.google.com/identity/toolkit/web/reference/relyingparty/createAuthUri
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class CreateAuthURIRequest: IdentityToolkitRequest, AuthRPCRequest {
+class CreateAuthURIRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = CreateAuthURIResponse
 
   /// The email or federated ID of the user.

FirebaseAuth/Sources/Swift/Backend/RPC/DeleteAccountRequest.swift

@@ -26,7 +26,8 @@ private let kIDTokenKey = "idToken"
 private let kLocalIDKey = "localId"
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class DeleteAccountRequest: IdentityToolkitRequest, AuthRPCRequest {
+class DeleteAccountRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = DeleteAccountResponse
 
   /// The STS Access Token of the authenticated user.

FirebaseAuth/Sources/Swift/Backend/RPC/EmailLinkSignInRequest.swift

@@ -33,7 +33,7 @@ private let kPostBodyKey = "postBody"
 private let kTenantIDKey = "tenantId"
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class EmailLinkSignInRequest: IdentityToolkitRequest, AuthRPCRequest {
+class EmailLinkSignInRequest: IdentityToolkitRequest, AuthRPCRequest, @unchecked Sendable {
   typealias Response = EmailLinkSignInResponse
 
   let email: String

FirebaseAuth/Sources/Swift/Backend/RPC/GetAccountInfoRequest.swift

@@ -24,7 +24,8 @@ private let kIDTokenKey = "idToken"
 /// Represents the parameters for the getAccountInfo endpoint.
 /// See https://developers.google.com/identity/toolkit/web/reference/relyingparty/getAccountInfo
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class GetAccountInfoRequest: IdentityToolkitRequest, AuthRPCRequest {
+class GetAccountInfoRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = GetAccountInfoResponse
 
   /// The STS Access Token for the authenticated user.

FirebaseAuth/Sources/Swift/Backend/RPC/GetOOBConfirmationCodeRequest.swift

@@ -112,7 +112,8 @@ protocol SuppressWarning {
 extension ActionCodeSettings: SuppressWarning {}
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class GetOOBConfirmationCodeRequest: IdentityToolkitRequest, AuthRPCRequest {
+class GetOOBConfirmationCodeRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = GetOOBConfirmationCodeResponse
 
   /// The types of OOB Confirmation Code to request.

FirebaseAuth/Sources/Swift/Backend/RPC/GetProjectConfigRequest.swift

@@ -18,7 +18,8 @@ import Foundation
 private let kGetProjectConfigEndPoint = "getProjectConfig"
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class GetProjectConfigRequest: IdentityToolkitRequest, AuthRPCRequest {
+class GetProjectConfigRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = GetProjectConfigResponse
 
   init(requestConfiguration: AuthRequestConfiguration) {

FirebaseAuth/Sources/Swift/Backend/RPC/GetRecaptchaConfigRequest.swift

@@ -44,7 +44,8 @@ private let kVersionKey = "version"
 private let kTenantIDKey = "tenantId"
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class GetRecaptchaConfigRequest: IdentityToolkitRequest, AuthRPCRequest {
+class GetRecaptchaConfigRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = GetRecaptchaConfigResponse
 
   required init(requestConfiguration: AuthRequestConfiguration) {

FirebaseAuth/Sources/Swift/Backend/RPC/MultiFactor/Enroll/FinalizeMFAEnrollmentRequest.swift

@@ -20,7 +20,8 @@ private let kFinalizeMFAEnrollmentEndPoint = "accounts/mfaEnrollment:finalize"
 private let kTenantIDKey = "tenantId"
 
 @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
-class FinalizeMFAEnrollmentRequest: IdentityToolkitRequest, AuthRPCRequest {
+class FinalizeMFAEnrollmentRequest: IdentityToolkitRequest, AuthRPCRequest,
+  @unchecked Sendable /* TODO: sendable */ {
   typealias Response = FinalizeMFAEnrollmentResponse
 
   let idToken: String?