Double prompt when accessing keychain item using SecItemCopyMatching()

App & System Services Core OS
Cykelero OP
Created Feb ’24
Replies 2
Boosts 1
Views 340
Participants 2

The macOS app I'm working on accesses keychain items created by other apps—git remote credentials, likely entered in the Terminal or some other git client.

When calling SecItemCopyMatching(), the user is prompted twice in a row:

  1. AppName wants to use your confidential information stored in "host.org" in your keychain.
  2. AppName wants to access key "host.org" in your keychain.

The user needs to enter their login password for each of the two prompts for the access to succeed.

Can I consolidate the two prompts into one? The experience with two alerts is somewhat confusing and tedious, compared to what it could be—especially since there is no way of displaying a usage description string in the window, to reassure and provide context.

Replies  2
Boosts  1
Views  340
Participants  2
DTS Engineer OP
Apple
Feb ’24

When it comes to access control in the file-based keychain, the devil is in the details. Can you post screen shots of those two alerts? Or their full text and the titles of the buttons they include? [1]

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] Like the frankly-fabulous-if-I-don’t-say-so-myself ASCII art in Resolving errSecInternalComponent errors during code signing (-:

0
Cykelero OP
Feb ’24

Sure! Here's the first dialog:

And the second:

Of note, the second dialog only appears if you choose “Allow” in the first. If you instead choose “Always Allow”, the second dialog is skipped. (and the keychain read succeeds)

0
Double prompt when accessing keychain item using SecItemCopyMatching()
First post date Last post date
 
 
Q