Hey Quinn,
I'm working on the same problem, and since I don't have one of the new MacBooks yet, I'm testing by saving a keychain item with kSecAccessControlDevicePasscode instead of kSecAccessControlTouchIDAny. Theoretically, if I get everything working with kSecAccessControlDevicePasscode, then I should be able to just switch that to kSecAccessControlTouchIDAny to use Touch ID.
Now I've encountered something weird... When using SecItemCopyMatching to check if the keychain item exists, I'm also asked for my password, even though I'm not requesting any secret data to be returned.
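    #import <Foundation/Foundation.h>
    #import <Security/Security.h>
    // Existence check only: no kSecReturnData or kSecReturnAttributes, and a NULL result pointer.
    NSDictionary *query = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"Service",
        (__bridge id)kSecAttrAccount: @"Account",
    };
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, NULL);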
Once the item is stored, the above code will also ask for the user's password, making testing for its existence difficult (to adapt your UI, for example). I have very similar code on iOS and it works as expected.
Is this on purpose?