User Profile

I have an app and extension (Siri) that I am trying to use TouchID to authenticate an action. The main app has an enrollment process that stores off the evaluatedPolicyDomainState hash value for comparison to ensure the figerprint storage has not changed. This works great for the main app. However in the extension when trying to validate the hash with a stored hash in group storage the hash comes back differently. So it appears that the evaluatedPolicyDomainState hash is different per bundle id. Is that correct. I would have assumed that apps in the same appgroup entitlement would get the same DomainState back. That is the evaluatedPolicyDomainState would be based off of the enclave and app group id and not just app bundle id. Has anyone else run accross this?