I didn't get to work on this problem for a while, but now I think I have pinpointed the root of our problem.
We first use the device check attestation service (DCAppAttestService) that does its thing with the Secure Enclave and then we do something else also with the Secure Enclave.
If I understand right, both the Apple attest service and our keychain code need to use the same LAContext to only prompt for one FaceID or Passcode?
The problem is, I do not know a way to tell the attest service what LAContext to use. It just takes in the keyId String.
DCAppAttestService > generateAssertion
Is there any way to make this work?
akolio
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Last seen
User for
Post
Replies
Boosts
Views
Activity
Thanks for confirming the findings!
I filed a feedback report with the number:
FB15077680