Private key is not accessible when device is locked

We have implemented a Notification Service Extension in our app to handle remote notifications and access the keychain to get the certificate and identity to refresh the network relay configuration. Using SecItemCopyMatching to get a SecIdentityRef works when the device is unlocked. Whenever a push notification arrives and the device is locked, our notification service extension fails to access the keychain to get the identity reference, with error code -25308 errSecInteractionNotAllowed.

It looks like the keychain is locked when the device is locked. Is there a way to make the keychain unlocked?

Answered by yingha in 777161022

Accepted Answer

Never mind. I just realized that by default keychain items can only be accessed when the device is unlocked and I should set kSecAttrAccessible to kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly.
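
The fix described in the accepted answer, as an added Swift example that is not part of the original thread: the app stores the identity with `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`, and the extension reads it and treats `errSecInteractionNotAllowed` as a distinct "locked" case. The label and access group parameters are assumptions; the thread does not say how the item is identified or shared with the extension.

```swift
import Foundation
import Security

enum KeychainError: Error {
    case locked               // errSecInteractionNotAllowed (-25308)
    case notFound
    case unexpected(OSStatus)
}

/// Called from the app while the device is unlocked.
/// `label` and `accessGroup` are hypothetical values chosen by the caller.
func storeIdentity(_ identity: SecIdentity, label: String, accessGroup: String) throws {
    let attributes: [String: Any] = [
        kSecValueRef as String: identity,
        kSecAttrLabel as String: label,
        kSecAttrAccessGroup as String: accessGroup,
        // Readable while locked once the device has been unlocked after boot;
        // "ThisDeviceOnly" keeps the item out of backups restored elsewhere.
        kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    ]
    let status = SecItemAdd(attributes as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpected(status) }
}

/// Called from the Notification Service Extension, possibly while locked.
func loadIdentity(label: String, accessGroup: String) throws -> SecIdentity {
    let query: [String: Any] = [
        kSecClass as String: kSecClassIdentity,
        kSecAttrLabel as String: label,
        kSecAttrAccessGroup as String: accessGroup,
        kSecReturnRef as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        return result as! SecIdentity
    case errSecInteractionNotAllowed:
        // Item's protection class does not permit access in the current lock state.
        throw KeychainError.locked
    case errSecItemNotFound:
        throw KeychainError.notFound
    default:
        throw KeychainError.unexpected(status)
    }
}
```

An item that was already saved keeps its original accessibility, so the identity has to be stored again with the new attribute from the app while the device is unlocked. The extension can still see `KeychainError.locked` if a push arrives after a reboot and before the first unlock.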
