I'm writing an application which is using a custom right to require that a user authenticate as an admin to access a specific part of my app, and I'm struggling with cases where smart card usage is enforced.
The simplest way is to use a custom right, but the dialog presented to the user gives no feedback that a smart card is required should they try to authenticate with a password when the token isn't connected (i.e. a YubiKey, for example, isn't plugged in to the USB bus).
Instead, in this case, the authentication dialog simply wobbles as though they hadn't entered the correct password.
It looks like the same is true of default macOS dialogs too, such as unlocking a preference pane.
I've looked around the API docs to see if there's any other way I can do this, but I don't seem to find any API methods that explicitly state I want the user to authenticate with a PIV token.
Do I need to use CryptoTokenKit to send raw APDU commands to a connected token to achieve this?
I was hoping I could use LAContext from LocalAuthentication to do this as it supports watch/fingerprint auth, but again I couldn't see any obvious sign of support for smartcards.