As I see that it's not possible to provide a prompt for the application password or have any kind of UI apart from biometrics in the persistent token extension
from here: https://developer.apple.com/forums/thread/131694?answerId=416382022#416382022.
Is there a way to get the details of the consumer application requesting service from the Persistent token extension?
Is there a way to whitelist applications as only those applications can access the service from the extension?
Also can we block the use of keys hosted by a managed app from an unmanaged app?