How to differentiate between Biometric failure vs lockout when using Keychain access controls

Hello,


I'm generating an RSA keypair using the "SecKeyGeneratePair" method with access control flags (kSecAccessControlTouchIDCurrentSet), and when I try to access the private key through the "SecItemCopyMatching" method, I'm getting a TouchID/FaceID prompt.


1. If the user gives the wrong finger for the TouchID prompt, we get the status as -25293. This is expected as the user gave the wrong fingerprint.


    errSecAuthFailed                         = -25293,    /* The user name or passphrase you entered is not correct. */

2. If the user has locked out Touch ID with max failure attempts, the TouchID prompt does not show up when I call "SecItemCopyMatching". It just fails with the same -25293 status as above.


My question is, how can we differentiate between the 1st and 2nd scenarios? In the first case, as the TouchID prompt appears, it's evident from the TouchID prompt messages and we can handle the error status. Is there any way to know the TouchID lockout scenario when we use access control for Keychain items?


When we use the LocalAuthentication framework, we get the status as "LAErrorAuthenticationFailed" for the 1st scenario and "LAErrorBiometryLockout" for the 2nd.
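
One way to separate the two scenarios, shown as an added example that is not part of the original post: when `SecItemCopyMatching` returns `errSecAuthFailed`, ask LocalAuthentication for the current biometry state with `canEvaluatePolicy`, which reports lockout without showing a prompt. The `PrivateKeyAccessResult` enum, the `loadPrivateKey` function and the `tag` parameter are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical result type for this example.
enum PrivateKeyAccessResult {
    case success(SecKey)
    case biometricMismatch          // prompt was shown and the match failed
    case biometryLockedOut          // too many failures, no prompt was shown
    case otherFailure(OSStatus)
}

// `tag` is an assumed application tag under which the private key was stored.
func loadPrivateKey(tag: Data) -> PrivateKeyAccessResult {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrApplicationTag as String: tag,
        kSecReturnRef as String: true
    ]

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)

    if status == errSecSuccess, let item = item {
        return .success(item as! SecKey)
    }
    // Anything other than -25293 is unrelated to the biometric check.
    guard status == errSecAuthFailed else {
        return .otherFailure(status)
    }

    // The keychain reports -25293 for both cases, so query the biometry
    // state directly. canEvaluatePolicy does not present any UI.
    var laError: NSError?
    let available = LAContext().canEvaluatePolicy(
        .deviceOwnerAuthenticationWithBiometrics, error: &laError)

    if !available, let laError = laError,
       laError.code == LAError.Code.biometryLockout.rawValue {
        return .biometryLockedOut
    }
    return .biometricMismatch
}
```

If the failed attempt that produced `errSecAuthFailed` was itself the one that triggered lockout, this check reports `.biometryLockedOut`, which matches the state the user is now in.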