Use/Request Touch ID without Authentication Prompt
On macOS, in the Apple Passwords app (currently inside Settings but soon to be its own full-fledged app in Sequoia) the user is presented with a screen requesting that they touch the fingerprint reader (see attached). If we'd like to do something similar, e.g. unlock some sensitive/secure part of our app, by requesting the user touch the Touch ID sensor, but without doing the whole system prompt (LAContext.evaluatePolicy()), how can we do that? Is that possible for mere mortal developers, and if not, why not?
Unlocking TouchID after LAErrorBiometryLockout error
Hi, I'm looking for best practices for unlocking TouchID in a Mac app when using canEvaluatePolicy. Documentation says: Biometric authentication will get locked after 5 unsuccessful attempts. After that, users have to unlock it by entering their account password. The password can be entered either at login window or in the preference sheets or even in application by the means of LAPolicyDeviceOwnerAuthentication. The system unlock is preferred user experience because we generally don't want users to enter their account password at application's request. So if we shouldn't manage the Mac's password in the app, how do we invite the user to unlock? Explaining that they must lock/unlock the session or open any preference panel isn't a fluent experience and would definitely seem weird. I tried adding an 'Unlock' button in an alert and locking the screen automatically, but this raises extra complexities:
- pmset can put the screen to sleep but won't lock in case of grace period
- sending a cmd-ctl-Q AppleEvent to System Events could fit, but it depends on user acceptance for AEs and fails when System Events isn't running.

Any ideas?
Feb ’24
kSecAttrAccessControl not showing biometric prompt in simulator
Hi, we're using SecKeyCreateRandomKey to generate a random key with the access control kSecAttrAccessControl key set to `kSecAccessControlTouchIDAny` using the code below:

```objc
SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
    kSecAccessControlTouchIDAny | kSecAccessControlPrivateKeyUsage,
    &error)
```

Now, while accessing the key with the code below, we're not seeing any biometric prompt on the simulator, whereas the biometric prompt is shown on all physical devices and the key is returned only on successful authentication with FaceID (or) Touch ID. Can someone please help us understand why the behaviour is different in simulators?

```objc
NSDictionary *privateKeySearchQueryParam = @{
    (id)kSecClass: (id)kSecClassKey,
    (id)kSecAttrKeyType: (id)kSecAttrKeyTypeEC,
    (id)kSecAttrLabel: keyName,
    (id)kSecReturnRef: @YES
};
```
Aug ’23
navigator.credentials.create returns an empty object
Hello, we are trying to develop a passwordless flow in the browser, but when we invoke navigator.credentials.create, it resolves an empty object {}. We acquired options from the StrongKey server and parsed them into navigator options as was shown in the wwdc20-10670 demo. An excerpt of the source code is below:

```javascript
{
    publicKey: {
        rp: {name: queryParams.rpName},
        user: {
            name: queryParams.userName,
            id: toUint8Array(queryParams.userId),
            displayName: queryParams.displayName
        },
        pubKeyCredParams: [{type: "public-key", alg: -7}],
        challenge: toUint8Array(queryParams.challenge),
        authenticatorSelection: {authenticatorAttachment: "platform",},
        attestation: "direct"
    }
}
```

The user is requested to proceed with TouchID/FaceID/etc. and everything looks as expected, but the returned value is empty. We have tested the flow in the latest Chrome, Safari and Safari for iOS. Has anyone encountered this behavior as well?
Aug ’23