Suppose there is a key in the keychain that is protected by an ACL which specifies .userPresence
as its access control - is it possible to prevent the user from being prompted to authenticate with biometrics and to force authentication via the device passcode instead?
Keychain ACLs: Relationship between .userPresence and .devicePasscode
Hmmm, I suspect I’m missing something here. If you only want the user to be able to use the device passcode, why create the item with .userPresence
? Instead, just create the item with .devicePasscode
.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Sorry Quinn, I'll try to be more specific: We want the key to be usable with either biometry or device passcode - hence .userPresence
- but we want to be able to decide whether to allow biometry in some cases or not. With .userPresence
this does not seem to be possible out of the box since this always seems to prefer biometry if available.
We tried passing a LAContext
which has been used to access a (different) keychain item protected with .devicePasscode
, but to no avail.
Thanks for the clarification.
Sadly, I don’t see any way to achieve this goal.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"