Hi everyone,
I'm working on a macOS authorization plugin (NameAndPassword) to enable users to log into their system using only MFA, effectively making it passwordless. To achieve this, I'm attempting to store the user's password securely in the Keychain so it can be used when necessary without user input.
However, when I attempt to store the password, I encounter error code -25308. Below is the code I'm using to save the password to the Keychain:
objc code
(void)storePasswordInKeychain:(NSString *)password forAccount:(NSString *)accountName {
NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
NSDictionary *query = @{
(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrService: @"com.miniOrange.nameandpassword",
(__bridge id)kSecAttrAccount: accountName,
(__bridge id)kSecValueData: passwordData,
(__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleAfterFirstUnlock
};
// Delete any existing password for the account
OSStatus deleteStatus = SecItemDelete((__bridge CFDictionaryRef)query);
if (deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound) {
[Logger debug:@"Old password entry deleted or not found."];
} else {
[Logger error:@"Failed to delete existing password: %d", (int)deleteStatus];
}
// Add the new password
OSStatus addStatus = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
if (addStatus == errSecSuccess) {
[Logger debug:@"Password successfully saved to the Keychain."];
} else {
[Logger error:@"Failed to save password: %d", (int)addStatus];
}
}
Any insights or suggestions would be greatly appreciated!