refactor: authenticate() methods for different providers

Author: russellwheatley

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -15,6 +15,32 @@
 import FirebaseAuth
 import SwiftUI
 
+/// Context information for reauthentication
+public struct ReauthContext: Equatable {
+  public let providerId: String
+  public let providerName: String
+  public let phoneNumber: String?
+  public let email: String?
+
+  public init(providerId: String, providerName: String, phoneNumber: String?, email: String?) {
+    self.providerId = providerId
+    self.providerName = providerName
+    self.phoneNumber = phoneNumber
+    self.email = email
+  }
+
+  public var displayMessage: String {
+    switch providerId {
+    case EmailAuthProviderID:
+      return "Please enter your password to continue"
+    case PhoneAuthProviderID:
+      return "Please verify your phone number to continue"
+    default:
+      return "Please sign in with \(providerName) to continue"
+    }
+  }
+}
+
 /// Describes the specific type of account conflict that occurred
 public enum AccountConflictType: Equatable {
   /// Account exists with a different provider (e.g., user signed up with Google, trying to use
@@ -72,8 +98,17 @@ public enum AuthServiceError: LocalizedError {
   case invalidEmailLink(String)
   case clientIdNotFound(String)
   case notConfiguredActionCodeSettings(String)
-  case reauthenticationRequired(String)
-  case phoneReauthenticationRequired(phoneNumber: String)
+  
+  /// Simple reauthentication required (Google, Apple, Facebook, Twitter, etc.)
+  /// Can be passed directly to `reauthenticate(context:)` method
+  case simpleReauthenticationRequired(context: ReauthContext)
+  
+  /// Email reauthentication required - user must handle password prompt externally
+  case emailReauthenticationRequired(context: ReauthContext)
+  
+  /// Phone reauthentication required - user must handle SMS verification flow externally
+  case phoneReauthenticationRequired(context: ReauthContext)
+  
   case invalidCredentials(String)
   case signInFailed(underlying: Error)
   case accountConflict(AccountConflictContext)
@@ -93,10 +128,12 @@ public enum AuthServiceError: LocalizedError {
       return description
     case let .notConfiguredActionCodeSettings(description):
       return description
-    case let .reauthenticationRequired(description):
-      return description
-    case let .phoneReauthenticationRequired(phoneNumber):
-      return "Phone reauthentication required for \(phoneNumber)"
+    case let .simpleReauthenticationRequired(context):
+      return "Please sign in again with \(context.providerName) to continue"
+    case let .emailReauthenticationRequired(context):
+      return "Please enter your password to continue"
+    case let .phoneReauthenticationRequired(context):
+      return "Please verify your phone number to continue"
     case let .invalidCredentials(description):
       return description
     // Use when failed to sign-in with Firebase

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -706,43 +706,57 @@ public extension AuthService {
     currentUser = auth.currentUser
   }
 
-  /// Reauthenticates the current user with their sign-in provider
-  /// - Throws: `AuthServiceError.phoneReauthenticationRequired` for phone auth users
-  /// - Throws: `AuthServiceError.providerNotFound` if provider is not configured
-  func reauthenticate() async throws {
+  /// Reauthenticates with a simple provider (Google, Apple, Facebook, Twitter, etc.)
+  /// - Parameter context: The reauth context from `simpleReauthenticationRequired` error
+  /// - Throws: Error if reauthentication fails or provider is not found
+  /// - Note: This only works for providers that can automatically obtain credentials.
+  ///         For email/phone, handle the flow externally and use `reauthenticate(with:)`
+  public func reauthenticate(context: ReauthContext) async throws {
     guard let user = currentUser else {
       throw AuthServiceError.noCurrentUser
     }
-
-    // Get the provider from the token instead of stored credential
+    
+    // Find the provider and get credential
+    guard let matchingProvider = providers.first(where: { $0.id == context.providerId }),
+          let credentialProvider = matchingProvider.provider as? CredentialAuthProviderSwift else {
+      throw AuthServiceError.providerNotFound("No provider found for \(context.providerId)")
+    }
+    
+    let credential = try await credentialProvider.createAuthCredential()
+    try await user.reauthenticate(with: credential)
+    currentUser = auth.currentUser
+  }
+  
+  /// Reauthenticates with a pre-obtained credential
+  /// Use this when you've handled getting the credential yourself (email/phone)
+  /// - Parameter credential: The authentication credential to use for reauthentication
+  /// - Throws: Error if reauthentication fails
+  public func reauthenticate(with credential: AuthCredential) async throws {
+    guard let user = currentUser else {
+      throw AuthServiceError.noCurrentUser
+    }
+    try await user.reauthenticate(with: credential)
+    currentUser = auth.currentUser
+  }
+  
+  /// Internal helper to create reauth context and throw appropriate error
+  /// - Throws: Appropriate `AuthServiceError` based on the provider type
+  private func requireReauthentication() async throws -> Never {
     let providerId = try await getCurrentSignInProvider()
-
-    if providerId == EmailAuthProviderID {
-      guard let email = user.email else {
-        throw AuthServiceError.invalidCredentials("User does not have an email address")
-      }
-
-      guard let emailProvider = emailProvider else {
-        throw AuthServiceError.providerNotFound(
-          "Email provider not configured. Call withEmailSignIn() first."
-        )
-      }
-
-      let credential = try await emailProvider.createReauthCredential(email: email)
-      try await user.reauthenticate(with: credential)
-    } else if providerId == PhoneAuthProviderID {
-      guard let phoneNumber = user.phoneNumber else {
-        throw AuthServiceError.invalidCredentials("User does not have a phone number")
-      }
-
-      // Throw error with context for phone reauthentication
-      throw AuthServiceError.phoneReauthenticationRequired(phoneNumber: phoneNumber)
-    } else if let matchingProvider = providers.first(where: { $0.id == providerId }),
-              let credentialProvider = matchingProvider.provider as? CredentialAuthProviderSwift {
-      let credential = try await credentialProvider.createAuthCredential()
-      try await user.reauthenticate(with: credential)
-    } else {
-      throw AuthServiceError.providerNotFound("No provider found for \(providerId)")
+    let context = ReauthContext(
+      providerId: providerId,
+      providerName: getProviderDisplayName(providerId),
+      phoneNumber: currentUser?.phoneNumber,
+      email: currentUser?.email
+    )
+    
+    switch providerId {
+    case EmailAuthProviderID:
+      throw AuthServiceError.emailReauthenticationRequired(context: context)
+    case PhoneAuthProviderID:
+      throw AuthServiceError.phoneReauthenticationRequired(context: context)
+    default:
+      throw AuthServiceError.simpleReauthenticationRequired(context: context)
     }
   }
 
@@ -769,13 +783,35 @@ public extension AuthService {
       ?? user.providerData.first?.providerID
 
     guard let providerId = providerId else {
-      throw AuthServiceError.reauthenticationRequired(
+      throw AuthServiceError.invalidCredentials(
         "Unable to determine sign-in provider for reauthentication"
       )
     }
 
     return providerId
   }
+  
+  /// Get a user-friendly display name for a provider ID
+  /// - Parameter providerId: The provider ID from Firebase Auth
+  /// - Returns: A user-friendly name for the provider
+  private func getProviderDisplayName(_ providerId: String) -> String {
+    switch providerId {
+    case EmailAuthProviderID:
+      return "Email"
+    case PhoneAuthProviderID:
+      return "Phone"
+    case "google.com":
+      return "Google"
+    case "apple.com":
+      return "Apple"
+    case "facebook.com":
+      return "Facebook"
+    case "twitter.com":
+      return "Twitter"
+    default:
+      return providerId
+    }
+  }
 
   func unenrollMFA(_ factorUid: String) async throws -> [MultiFactorInfo] {
     guard let user = auth.currentUser else {

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/ReauthenticationCoordinator.swift

@@ -15,32 +15,6 @@
 import FirebaseAuth
 import Observation
 
-/// Context information for reauthentication UI
-public struct ReauthContext {
-  public let providerId: String
-  public let providerName: String
-  public let phoneNumber: String?
-  public let email: String?
-
-  public init(providerId: String, providerName: String, phoneNumber: String?, email: String?) {
-    self.providerId = providerId
-    self.providerName = providerName
-    self.phoneNumber = phoneNumber
-    self.email = email
-  }
-
-  public var displayMessage: String {
-    switch providerId {
-    case EmailAuthProviderID:
-      return "Please enter your password to continue"
-    case PhoneAuthProviderID:
-      return "Please verify your phone number to continue"
-    default:
-      return "Please sign in with \(providerName) to continue"
-    }
-  }
-}
-
 /// Coordinator for handling reauthentication flows
 @MainActor
 @Observable

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/ReauthenticationHelpers.swift

@@ -15,23 +15,27 @@
 import FirebaseAuth
 
 /// Execute an operation that may require reauthentication
+/// Automatically handles simple providers (Google, Apple, etc.)
+/// For email/phone, the coordinator must be provided to handle the UI flow
 /// - Parameters:
 ///   - authService: The auth service managing authentication
-///   - coordinator: The coordinator managing reauthentication UI
+///   - coordinator: The coordinator managing reauthentication UI (for email/phone)
 ///   - operation: The operation to execute
 /// - Throws: Rethrows errors from the operation or reauthentication process
 @MainActor
-public func withReauthenticationIfNeeded(authService: AuthService,
-                                         coordinator: ReauthenticationCoordinator,
-                                         operation: @escaping () async throws
-                                           -> Void) async throws {
+public func withReauthenticationIfNeeded(
+  authService: AuthService,
+  coordinator: ReauthenticationCoordinator,
+  operation: @escaping () async throws -> Void
+) async throws {
   do {
     try await operation()
   } catch let error as NSError {
     // Check if reauthentication is needed
     if error.domain == AuthErrorDomain,
        error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
        error.code == AuthErrorCode.userTokenExpired.rawValue {
+      
       // Determine the provider context
       let providerId = try await authService.getCurrentSignInProvider()
       let context = ReauthContext(
@@ -40,10 +44,18 @@ public func withReauthenticationIfNeeded(authService: AuthService,
         phoneNumber: authService.currentUser?.phoneNumber,
         email: authService.currentUser?.email
       )
-
-      // Request reauthentication from user with context
-      try await coordinator.requestReauth(context: context)
-
+      
+      // Handle based on provider type
+      switch providerId {
+      case PhoneAuthProviderID, EmailAuthProviderID:
+        // For email/phone, use coordinator to handle UI flow
+        try await coordinator.requestReauth(context: context)
+        
+      default:
+        // For simple providers (Google, Apple, etc.), AuthService can handle it directly
+        try await authService.reauthenticate(context: context)
+      }
+      
       // Retry the operation after successful reauth
       try await operation()
     } else {