Hi there,
Our Password Manager app on macOS allows a user to unlock their password database using Apple Watch for convenience.
We check that Apple Watch is available for use by calling canEvaluatePolicy in the usual way.
This works really well most of the time: if the Watch is available, we'll be able to call evaluatePolicy to have the user authenticate with their watch.
However, we have been receiving reports that when their watches go to sleep, our App incorrectly requests they authenticate with their watch. It does this because canEvaluatePolicy returns true, but once we call evaluatePolicy, instead of requesting the user authenticate, we immediately get an error:
Error Domain=com.apple.LocalAuthentication Code=-1 "AppleWatch authentication failed." UserInfo={NSDebugDescription=AppleWatch authentication failed., NSLocalizedDescription=Authentication failure.}
Apparently, though, there is a way to detect this: the Apple User Login screen is able to detect that the watch is asleep and requests a password instead. Also, System Preferences panes that require a password can somehow cause the Apple Watch to vibrate when asleep but then fail gracefully/fall back to requesting a password.
As developers, we would like to know if we can request Apple Watch authentication using the canEvaluatePolicy function. If the watch is asleep, then we believe that should return false.
Any help or pointers on how to detect this scenario would be appreciated.
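
An added example, not part of the original post and not the poster's code: one way to fail closed when canEvaluatePolicy returns true but evaluatePolicy immediately returns the Code=-1 error quoted above, by routing to password entry instead of re-prompting for the watch. The names UnlockOutcome and unlockWithWatch are hypothetical; it does not detect a sleeping watch up front, it only handles the failure.

```swift
import Foundation
import LocalAuthentication

// Hypothetical outcome type for this example; not from the original post.
enum UnlockOutcome {
    case unlocked
    case cancelled
    case needsPassword(reason: String)
}

/// Treats canEvaluatePolicy as a hint only. The database unlocks solely on
/// success == true from evaluatePolicy; every other path falls back to the
/// password prompt or reports a cancel, so a watch failure never unlocks.
@available(macOS 10.15, *)
func unlockWithWatch(reason: String,
                     completion: @escaping (UnlockOutcome) -> Void) {
    let context = LAContext()
    let policy = LAPolicy.deviceOwnerAuthenticationWithWatch
    var probeError: NSError?

    // The probe can return true while the watch is asleep (the case in the post).
    guard context.canEvaluatePolicy(policy, error: &probeError) else {
        let why = probeError?.localizedDescription ?? "Apple Watch unavailable"
        completion(.needsPassword(reason: why))
        return
    }

    context.evaluatePolicy(policy, localizedReason: reason) { success, error in
        if success {
            completion(.unlocked)
            return
        }
        switch (error as? LAError)?.code {
        case .userCancel?, .appCancel?, .systemCancel?:
            completion(.cancelled)
        case .authenticationFailed?:
            // LAError.Code.authenticationFailed is -1, the code in the quoted error.
            completion(.needsPassword(reason: "Apple Watch authentication failed"))
        default:
            // Unknown or missing error: still fall back, never unlock.
            let why = error?.localizedDescription ?? "Authentication error"
            completion(.needsPassword(reason: why))
        }
    }
}
```

The reply block runs on a private queue, so dispatch to the main queue before touching UI from the completion handler.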