3 Replies
      Latest reply on Jun 27, 2019 12:43 AM by eskimo
      adamc_at Level 1 Level 1 (0 points)

        I'm trying to share the keychain of my main app with an app extension.

         

        In both places my entitlements are added to the main app target and my extension, both with the values "$(AppIdentifierPrefix)com.example.MyGroupName"

         

        I followed this [great] post on https://forums.developer.apple.com/message/75928#75928 to debug the issue and found the following:

         

          <key>ApplicationIdentifierPrefix</key>

          <array>

          <string>SomeIdentifier1</string>

          </array>

         

        Of my mobileprovision.

         

        Whereas my extension expects the Team ID.

         

        How do I correct one of these so they both are using the same access group?

        • Re: AppIdentifierPrefix is different in main app and extension
          eskimo Apple Staff Apple Staff (12,425 points)

          It sounds like your app was created back in the day, where each app would get its own unique App ID prefix.  That’s still supported for existing apps, but new apps always use the Team ID.  You can learn more of the backstory to this in Technote 2311 Managing Multiple App ID Prefixes.

          With regards keychain sharing, I don’t think there’s a way to set that up between two apps with different prefixes (in this context you can think of your app extension as an app).  The solution is to migrate your app to use a Team ID prefix, but that’s not without its drawbacks.  TN2311 goes into the details.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: AppIdentifierPrefix is different in main app and extension
              adamc_at Level 1 Level 1 (0 points)

              Back in the day is exactly right! As someone not around when the project was originally created is it possible to figure out whether the App ID was a wildcard or not? So I can figure out which set of steps to use to move my App ID from a non-Team ID prefix to the Team ID.

                • Re: AppIdentifierPrefix is different in main app and extension
                  eskimo Apple Staff Apple Staff (12,425 points)

                  As someone not around when the project was originally created is it possible to figure out whether the App ID was a wildcard or not?

                  If you dump your provisioning profile, you’ll see that it whitelists certain entitlements.  A wild card profile whitelists all the App IDs with a specific prefix:

                  $ security cms -D -i fd41af6d-8883-4a29-924f-a65eba652129.mobileprovision 
                  …
                  <dict>
                      …
                      <key>Entitlements</key>
                      <dict>
                          <key>application-identifier</key>
                          <string>SKMME9E2Y8.*</string>
                          …
                      </dict>
                      …
                  </dict>
                  </plist>

                  A non-wildcard profile whitelists just one specific App ID:

                  $ security cms -D -i 18d432c1-fd30-4c82-835f-b486024a1ecd.mobileprovision 
                  …
                  <dict>
                      …
                      <key>Entitlements</key>
                      <dict>
                          …
                          <key>application-identifier</key>
                          <string>SKMME9E2Y8.com.example.apple-samplecode.Test118773</string>
                          …
                      </dict>
                      …
                  </dict>
                  </plist>

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"