Touch ID doesn't work on the lock screen from a launch agent

In macOS Catalina and earlier, I could invoke Touch ID (calling evaluatePolicy) from a launch agent while being on the lock screen. It worked a little bit different though, not like for a standard app, without showing the native Touch ID prompt, just like in the LoginWindow app. Unfortunately, this scenario absolutely doesn't work in Bir Sur giving the error:
Code Block 
coreauthd	MechanismUI[39] has finished with Error Domain=com.apple.LocalAuthentication Code=-1004 "Can't show UI while not in a console session" UserInfo={NSLocalizedDescription=Can't show UI while not in a console session}

My questions are:
What is the "console session" in the evaluatePolicy context?
Can I emulate the previous behaviour somehow? Are there any workarounds?

I noticed that the native macOS apps like LoginWindow and so on work with Touch ID as usual even from the lock screen. The only difference I noticed is that these apps use the private version of the method evaluatePolicy with a specified uiDelegate.
Up vote post of Lex_A Down vote post of Lex_A
1k views
Posted by
Lex_A
Reply
Add a Comment

Replies

Can I emulate the previous behaviour somehow?

No.

We only support Touch ID from a standard app context. Folks ran into this on 10.15 (I think) where using Touch ID from a Network Extension provider stopped work. I’ve also researched this in the specific context of a pre-login context (a authorisation plug-in) and confirmed that this is not expected to work.

Sorry.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

We only support Touch ID from a standard app context. Folks ran into this on 10.15 (I think) where using Touch ID from a Network Extension provider stopped work. I’ve also researched this in the specific context of a pre-login context (a authorisation plug-in) and confirmed that this is not expected to work.

Understood, thanks.
Can you suggest a better way to make a feature request for our customers then?
In Feedback Assistant there is no division into bugs and features.

Another question, all features are always for the public, and it's not possible to request a "private" feature from Apple especially for another company. I mean there is no partnership programs between Apple and another company?

Please correct me if I'm wrong.




Posted by
Lex_A
Up vote reply of Lex_A Down vote reply of Lex_A
Add a Comment

Can you suggest a better way to make a feature request for our
customers then?

Regardless of what else you do, you should start by filing a request in Feedback Assistant. Apple is a big company and we use these requests to coordinate work between the various teams involved.

IMPORTANT It’s critical that you use the right component (in the Which area are you seeing an issue with? popup). The top of that list contains a selection of user-oriented components. To see the developer-oriented components, scroll past those to the bottom. In this case you want to scroll past Security and on to Security framework (well, LocalAuthentication would be a better choice in this specific case, but my point holds in general).

In Feedback Assistant there is no division into bugs and features.

In the What type of issue are you reporting? popup, choose:

  • Suggestion for enhancement requests

  • One of the other items for bug reports

I mean there is no partnership programs between Apple and another
company?

I can’t comment on that because DTS only supports the public APIs in our various platform SDKs [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

[1] Plus accessory development and specific Apple services and protocols.
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment