Reply to Verify the Password using the AuthorizationCopyRights
[quote='816974022, DTS Engineer, /thread/770243?answerId=816974022#816974022'] Create a second mechanism that gets the password from the context and saves it, then add that mechanism near the end of the mechanisms array, after builtin:authenticate. [/quote]

The issue with this is that if someone changes the password, I want to show the password field again so that the user can enter his new password, but I cannot verify whether the stored password is correct.
1w
Reply to Verify the Password using the AuthorizationCopyRights
[quote='816817022, DTS Engineer, /thread/770243?answerId=816817022#816817022'] If that fails, the system will retry, running the mechanisms from the start, and so you’ll get another go at this. [/quote]

The issue I’m facing is that I’m trying to implement a feature to save the password in the macOS Keychain (I haven’t fully reached that part yet—still figuring it out). However, if someone enters the wrong password, I want to ensure it doesn’t get saved in the Keychain. And there is no way for me to know if the password is correct or not.

Do you have any alternative suggestions or approaches to achieve this functionality? Your insights would be greatly appreciated!
2w
Reply to Storing Password in System keychain (File-Based Keychain) for MFA Authorization Plugin
So I have written this code:

```swift
import Foundation
import Security

// Returns the first keychain in the system domain search list.
func systemKeychain() -> SecKeychain? {
    var searchListQ: CFArray? = nil
    let err = SecKeychainCopyDomainSearchList(.system, &searchListQ)
    guard err == errSecSuccess else {
        return nil
    }
    let searchList = searchListQ! as! [SecKeychain]
    return searchList.first
}

func storePasswordInSpecificKeychain(service: String, account: String, password: String) -> OSStatus {
    // Get a reference to the System Keychain
    guard let systemKeychainRef = systemKeychain() else {
        print("Error: Could not get a reference to the system keychain.")
        return errSecNoSuchKeychain
    }

    // Convert the password to Data
    guard let passwordData = password.data(using: .utf8) else {
        print("Failed to convert password to data.")
        return errSecParam
    }

    // Define the query to add the password
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: passwordData,
        kSecUseKeychain as String: systemKeychainRef // Specify the System Keychain
    ]

    // Add the item to the System Keychain
    let status = SecItemAdd(query as CFDictionary, nil)

    // Handle the result
    if status == errSecSuccess {
        print("Password successfully added to the System Keychain.")
    } else if status == errSecDuplicateItem {
        print("Item already exists. Consider updating it instead.")
    } else {
        print("Failed to add password: \(SecCopyErrorMessageString(status,nil) ?? "Unknown error" as CFString)")
    }
    return status
}
```

but I am getting the error

```
Failed to add password: Write permissions error. Operation status: -61
```

How can I resolve this?
4w
Reply to macOS Authorization Plugin: Keychain Error -25308 When Storing Password
Thanks for the response! Apologies for the formatting issues earlier; this is my first post. I wanted to ask for more insights into achieving the passwordless feature for my MFA module. Specifically, my approach is to use the Keychain to securely store the user's password and fetch it later for authentication. I'm using kSecAttrAccessibleAfterFirstUnlock because I assumed that once the user unlocks the device after a restart (using their password), I would then be able to access the Keychain to retrieve the stored password. Am I misunderstanding how kSecAttrAccessibleAfterFirstUnlock works in the context of an authorization plugin? Or is there a better way to securely store and retrieve the password for this use case? Looking forward to your suggestions!
Nov ’24