SecKeychainSetUserInteractionAllowed deprecated

SecKeychainSetUserInteractionAllowed has been deprecated on macOS 12, however I find that it is important for my application to be able to disable Keychain interactions.

What is the alternative?

My use case: I all purpose web browser, using WebKit, focused on privacy. Some websites try to request access to the keychain to store/retrieve passwords or certificates, the problem is that when this happens there is an alert prompting the users to grant access "to my app to use the keychain", when in reality is the website that wants to do this. This is not the kind of experience I want my users to have and for a long time I have been just disabling the keychain.

Up vote post of vaux Down vote post of vaux
906 views
Posted by
vaux
Reply
Add a Comment

Replies

Is it your code making the keychain requests? If so, you can control user interaction via kSecUseAuthenticationUI.

If it’s not your code making these keychain requests then you should continue using SecKeychainSetUserInteractionAllowed for the moment but also file an enhancement request against the Security framework with details about your specific use case.

Hmmm, it might also make sense to file an enhancement request against WebKit requesting some sort of delegate mechanism so that you can control how the web view uses the keychain.

Please post any bug numbers you get, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

kSecUseAuthenticationUIFail(deprecated) and kSecUseAuthenticationUISkip don't actually seem to work with passwords (probably other secrets too) in Monterey 12.5 FB11153260 The old API still works though.

Posted by
TyngJJ
Up vote reply of TyngJJ Down vote reply of TyngJJ
Add a Comment