Obviously macOS allows to leave the password field blank so users can set the blank password. But in this case LAContext evaluatePolicy never allow authentication with empty password unlike System Settings(System Preferences). And canEvaluatePolicy produces true on macOS Catalina and BigSur. (while macOS Ventura returns false with "Passcode is not set." NSError)
I tested with Intel macOS 11.7 BigSur and M1 macOS 13 Ventura, they work differently but they both failed to authenticate. The detail is as follows:
[Intel / macOS 11.7 BigSur] & [Intel / macOS 10.15.7 Catalina]
When evaluatePolicy called, the password window popped up. If I just click 'OK' button, the password window closed and popped up again right away. And clicking 'OK' again produces an error:
(ACMContextVerifyPolicyEx returned 0, still requesting 1:1, 3:1, 15:1 (on context 9c1ee373))
And canEvaluatePolicy with LAPolicyDeviceOwnerAuthentication returns true on these environments..
[M1 / macOS 13 Ventura]
When evaluatePolicy called, the password window doesn't pop up with an error: (passcode is not set.)
Is this a bug or is there any way that I can figure out this case?
Is there any possibility that having an update in the future for
canEvaluatePolicyandevaluatePolicyor macOS so they can work the same on macOS 13 and less than macOS 13?
I can’t predict the future, alas. However, I think it’s reasonable to predict future behaviour based on past behaviour, and in recent years Apple has only updated older OS releases to fix security problems.
Unlike
evaluatePolicy, withSFAuthorizationViewand System Settings (System Preferences), they can just pass the password window with 'OK' button without typing password. Is the different behaviour ofevaluatePolicyintended?
SFAuthorizationView uses Authorisation Services, a very different, and much older, subsystem.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"