I think I found more to the problem and posted below.
Post
Replies
Boosts
Views
Activity
Edit:
The actual order is, first read the custom key from the SE, and then let the attestation service read its own key.
I've tried to use the following when querying for the custom key, but I would probably need a way to attach this same context to the operations the attestation service is doing to query for its key.
let context = LAContext()
context.touchIDAuthenticationAllowableReuseDuration = 10
let query: [String: Any] = [..,
kSecUseAuthenticationContext as String: context,
..]
I'm guessing that DCAppAttestService just lets SecItemCopyMatching create a fresh LAContext?