Hi! I'm developing a custom intent for a medical iOS application. Since this intent (and future intents) has to deal with sensitive patient information, I need to guarantee that the person accessing the shortcut is someone allowed to do so. Asking for the user to log in every time they use the shortcut would defeat its nimble purpose, so the solution I came up with is to save the user credentials into Keychain the first time they log in the app, and then use LAContext().evaluatePolicy from within the shortcut to verify the user's identity. Once it's confirmed, I just log in using the stored credentials and everything is good to go.
I actually managed to get this working, but only when the shortcut is called via Siri. For some reason, whenever I try to use this authentication procedure by calling it via Search or the Shortcuts App, I get the following error:
Error Domain=com.apple.LocalAuthentication Code=-1004 "Caller is not running foreground."
I'm aware there's also the "Restricted While Locked" Authentication flag for intents, I just want to make sure that if an unauthorised person were to get their hands on an unlocked device, they still would have to deal with another security barrier.