Safari Extensions and FaceID/Keychain access

My Safari Extension on iOS needs access to a Keychain item (password) that is secured by the userPresence and devicePasscode flags. In other words, FaceID/TouchID or the device PIN is necessary to access the password.

Is there a way for the extension to access the password?

SafariWebExtensionHandler.swift has access to the Keychain, but can't present FaceID/TouchID/device PIN interface to the user. Popup.js has UI access, but can't access the iOS Keychain.

One hack is to set touchIDAuthenticationAllowableReuseDuration of the Keychain item to an arbitrary time and have the user authenticate in the containing app.

However, in case of a time-out, the containing app has to be opened by the extension with a custom URL scheme. openURL is not accessible in SafariWebExtensionHandler.swift either (I assume it can be handled by popup.js). This is a user-unfriendly solution. What is the best way to give the Safari extension access to a Keychain item?
