We have an MacOS application with uninstaller. When the app is installed via dmg file, users get prompt for TouchID (when touch bar available). However when users run our uninstaller app, users alwasy get prompt with login credential.
Looking into the document of Authorization APIs, it says:
"When your application requests authorization, the Security Server may request the user to authenticate. Authorization Services allows you to take full advantage of the Security Server’s authentication plug-in architecture to deal with authentication for you. Instead of a user name and password, the authentication may use fingerprints or smart cards, but your application code stays the same."
We basically grab the execute right to run uninstall script with the following code:
status = AuthorizationCreate(NULL,
kAuthorizationEmptyEnvironment,
flags,
&auth_ref);
if ( status != errAuthorizationSuccess )
{
return status;
}
AuthorizationItem item = { kAuthorizationRightExecute, 0, NULL, 0 };
AuthorizationRights rights = { 1, &item };
flags = (kAuthorizationFlagDefaults |
kAuthorizationFlagInteractionAllowed |
kAuthorizationFlagPreAuthorize |
kAuthorizationFlagExtendRights);
status = AuthorizationCopyRights( auth_ref,
&rights,
NULL,
flags,
NULL );
if ( status != errAuthorizationSuccess )
{
break;
}
FILE * channel = NULL;
status = AuthorizationExecuteWithPrivileges(auth_ref,
exepath,
kAuthorizationFlagDefaults,
exeargs,
&channel);
Do we miss anything to make authentication with TouchID?
