LAContext not accepting programmatically changed user's password for authentication

I have used the OpenDirectory framework to change the user's password programmatically. Once the password is updated successfully, it can be used for login sessions and for authentication wherever required. But the same password fails to authenticate with the Local Authentication framework, that is, with LAContext, which always prefers the older password. Even restarting the machine doesn't help.

  • Changing the current user's password using the method below:

        import OpenDirectory

        do {
            // Look up the current user's record in the local directory node.
            let node = try ODNode(session: ODSession.default(), type: ODNodeType(kODNodeTypeLocalNodes))
            let user = try node.record(withRecordType: kODRecordTypeUsers, name: NSUserName(), attributes: nil)
            // Change the password through Open Directory.
            try user.changePassword(currentPassword, toPassword: newPassword)
            print("Password changed successfully")
        } catch {
            print(error)
        }

  • Once the password is updated, I try to authenticate the password with LAContext using:

        import LocalAuthentication

        let context = LAContext()
        context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: "AuthenticationMessage".localized()) { success, error in
            // Report the result to the caller on the main queue.
            DispatchQueue.main.async {
                completion(success, error)
            }
            print("authentication error = \(String(describing: error?.localizedDescription))")
        }

  • It won't accept the updated password. Any idea how to solve this problem?

Changing passwords via the OD API has always had its limitations. For example, it would not update the password on the file-based keychain. I think this is a similar issue, although I’m not 100% sure of exactly how it connects.

Right now I’m gonna recommend that you file a bug about this. Once you’re done, please post your bug number here and I’ll take another look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Sure, I will file a bug. For your information, I have also updated the keychain's password using the code below:

        var userKeychain : SecKeychain?
        var err : OSStatus?
        err = SecKeychainOpen(userKeychainPath, &userKeychain)
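        // The length arguments are byte counts, so use the UTF-8 length rather than the character count.
        err = SecKeychainChangePassword(userKeychain, UInt32(currentPassword.utf8.count), currentPassword, UInt32(newPassword.utf8.count), newPassword)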
        if err != 0 {
            print("Unable to reset keychain with migrated user/pass.")
        } else {
            print("Changed the keychain password")
        }

Still, it fails to authenticate with the newer password on LAContext.
