Hi,
I have an existing Mac app and when I build and install via the new Mac TestFlight, the user is prompted to enter in their system password in order for the app to have access to its own keychain items.
If I export the very same archive using a Developer ID or using the Developer option, it doesn't require the user to re-enter their password.
Is it possible that there's something wrong with the way TestFlight signs the app or am I doing something wrong? I've looked at the DR for each of the builds and they are all different in some way so not sure what that tells me.
For example, the DRs for each are:
/existing Mac App Store
designated => (anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ZL5FFY3M32) and identifier "X.X.X"
/TestFlight build
designated => anchor apple generic and certificate leaf[field.1.2.840.113635.100.6.1.25.1] /* exists */ and identifier "X.X.X"
/Developer ID
designated => anchor apple generic and identifier "X.X.X" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ZL5FFY3M32)
X.X.X is the correct and same bundle ID of my app. Clearly the TestFlight DR is "more" different but not sure what is the problem and how I would fix it.
Any help would be greatly appreciated and Merry Christmas! //Ray
For anyone hitting this issue, Eskimo discovered that this is a bug with TestFlight for Mac.
FYI, we believe we’ve fixed this in macOS 13.0 beta (r. 88185629). However, I still stand by my advice on this thread: If you can use the data protection keychain, you should. It’s the future of the keychain on our platforms.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"