Passing data to Authorization Plugin

I have added a new security right “com.mycompany.example” using “security authorizationdb” and I request for this right using AuthorizationCopyRights() from my app. The right “com.mycompany.example” in-turn call my Authorization plugin using evaluate-mechanisms.


For passing data from plugin to the app, I am using context values and AuthorizationCopyInfo()


Is it possible to pass data from the app requesting the right to the plugin?


I tried to set AuthorizationEnvironment with AuthorizationItemSet in AuthorizationCopyRights(), but unable to retrieve this data from the Authorization plugin.

Accepted Reply

I believe you’re being mislead by a terminology mismatch in the API:

  • When dealing with the Authorization Services API, these values are known as environment values.

  • When creating an authorisation plug-in, these values are known as hint values.

If you change

GetContextValue
to
GetHintValue
, I think this will work.

ps It would be easier to read your code if you formatted it as a code block (using the

<>
button).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

I would have expected that passing in parameters via the environment to work. That’s certainly the way that Authorization Services was originally designed.

Can you post some snippets of how you set this environment value in your app and how you attempt to retrieve it in your plug-in?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Following is the code where I am setting the environment data from app.


char *key = “testKey”;

char *value = “testValue”;

AuthorizationItem environmentValues[1] = { { method, strlen(method), method, 0 } };

AuthorizationItemSet environmentValueSet = { sizeof(environmentValues) / sizeof(*environmentValues), environmentValues };

status = AuthorizationCopyRights(_authorization, &rights, &environmentValueSet, flags, NULL);



I am trying to retrieve the values from Authorization Plugin as follows:


const AuthorizationValue *authvalue = NULL;

AuthorizationContextFlags authflags;


OSStatus status = mAuthorizationCallbacks->GetContextValue(mEngineRef, “testKey”, &authflags, &authvalue);


I am getting the following error :

Error in getting context: The authorization was denied


Thank you..

I believe you’re being mislead by a terminology mismatch in the API:

  • When dealing with the Authorization Services API, these values are known as environment values.

  • When creating an authorisation plug-in, these values are known as hint values.

If you change

GetContextValue
to
GetHintValue
, I think this will work.

ps It would be easier to read your code if you formatted it as a code block (using the

<>
button).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"