Hi StoreKit team,
I posted a question in the App Attest forum yesterday that is related to StoreKit [1]. The engineers there recommended I post here.
I'd like to use StoreKit 2's appTransactionID [2] as an ID to tie App Attest keys to anonymous users (that is, users that I don't enforce signup/login of).
The design I'm thinking of is basically:
- Get the appTransactionID at launch
- Look in keychain to see if I already have an attestation key for this appTransactionID (treating keychain as a k/v store where the key is appTransactionID)
- If yes, use that key for ongoing assertions as requests are made to my backend
- Else, go through the initial process of key generation and attestation
Do you see any gotchas with using appTransactionID in this way? From the docs, it looks to be exactly what I need:
The App Store generates a single, globally unique appTransactionID for each Apple Account that downloads your app and for each family group member for apps that support Family Sharing.
This value remains the same for the same Apple Account and app if the customer redownloads the app on any device, receives a refund, repurchases the app, or changes the storefront. For apps that support Family Sharing, the appTransactionID is unique for each family group member.
But I'm curious if this application of using appTransactionID as the key identifier to pull values out of keychain raises any flags for you.
Thank you,
Lou
[1] https://developer.apple.com/forums/thread/831468
[2] https://developer.apple.com/documentation/storekit/apptransaction/apptransactionid
I am not able to speak to the usage of App Attest, so I don't know if this is a good usage, compared to creating a new random UUID or something else.
I can give you some information on appTransactionID that may help, however. In general, this will get you a unique ID for every user that has downloaded your app from the App Store. But there are a few cases to consider:
- Users may change accounts in some cases, which will result in a different appTransactionID: https://support.apple.com/en-us/117294
- If your app has been assigned to a device, rather than an account, the appTransactionID will be an empty string. So if you intend to use it for this, you should make sure to check that the string isn't empty before creating an App Attest key. For more info on device assignment, see: https://support.apple.com/guide/apple-configurator-mac/assign-apps-to-devices-cadbf9c811/mac
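A sketch of the launch flow described in the question with the empty-string check from the reply applied. This is an added example, not code from either poster or from Apple. The names `AttestSetupError`, `keychainService`, `baseQuery`, `loadKeyID`, `storeKeyID`, `attestKeyID`, and the `challenge` and `register` parameters are hypothetical, and it assumes a build target on which `appTransactionID` is available.

```swift
import CryptoKit
import DeviceCheck
import Foundation
import Security
import StoreKit

enum AttestSetupError: Error { case unverified, emptyAppTransactionID, unsupported, keychain(OSStatus) }
let keychainService = "com.example.appattest-keyid"  // hypothetical service name

// One generic-password item per appTransactionID; the stored value is the App Attest key ID.
func baseQuery(_ appTransactionID: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: keychainService,
     kSecAttrAccount as String: appTransactionID]
}

func loadKeyID(_ appTransactionID: String) throws -> String? {
    var query = baseQuery(appTransactionID)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let data = item as? Data else { throw AttestSetupError.keychain(status) }
    return String(data: data, encoding: .utf8)
}

func storeKeyID(_ keyID: String, for appTransactionID: String) throws {
    var query = baseQuery(appTransactionID)
    query[kSecValueData as String] = Data(keyID.utf8)
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw AttestSetupError.keychain(status) }
}

// `challenge` is a one-time server value; `register` (keyID, attestation, appTransactionID) is a hypothetical upload hook.
func attestKeyID(challenge: Data, register: (String, Data, String) async throws -> Void) async throws -> String {
    guard case .verified(let transaction) = try await AppTransaction.shared else { throw AttestSetupError.unverified }
    let id = transaction.appTransactionID
    // Device-assigned installs report an empty string: never use it as the lookup key.
    guard !id.isEmpty else { throw AttestSetupError.emptyAppTransactionID }
    // An account change yields a different ID, so this lookup misses and a new key is attested.
    if let existing = try loadKeyID(id) { return existing }
    guard DCAppAttestService.shared.isSupported else { throw AttestSetupError.unsupported }
    let keyID = try await DCAppAttestService.shared.generateKey()
    let attestation = try await DCAppAttestService.shared.attestKey(keyID, clientDataHash: Data(SHA256.hash(data: challenge)))
    try await register(keyID, attestation, id)
    try storeKeyID(keyID, for: id)  // persist only after the server accepted the attestation
    return keyID
}
```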