I'm trying to figure out whether it's possible to authenticate a user as an admin using Touch ID on macOS, and using _public_ APIs (*).
Basically, what I'm trying to achieve is:
1. User clicks on a button to perform a task that can only be performed by a user who is allowed to administer the computer.
2. A standard security authentication dialog appears and allows the user to authenticate using Touch ID.
3. An AuthenticationRef is retrieved.
When I look at the Local Authentication API, I see multiple limitations (by design or not):
- it lets you prove you are the current user. But it does not check that you are an admin user.
- the dialog does not work like the one in Installer.app, for instance:
  - if you move the authentication dialog to a screen corner and then click the User Password… button, the Password window is displayed in the center of the screen.
- it does not seem possible to retrieve an AuthorizationRef.
Question
Are there public APIs or services that allow checking for admin privileges and support Touch ID?
* I know it's possible using private frameworks, since this is, for instance, what the Startup Disk preference pane does.