8 Replies
      Latest reply on Sep 18, 2019 1:11 AM by eskimo
      aiden.zhang Level 1 Level 1 (0 points)

        This is a mac app.

         

        When I first install this app, show a window to input login password.

        I allow it.

        When I uninstall this app and then install it again, that window will not show.

        I want to know how to revoke "aways allow"/"allow" of keychain access with objc.

        What should I do? Is there a place to store this permission operation?

         

        And I have another question:

        1. I need to store some key in default keychain.
        2. I want to store these key without input password when install app.

         

        What should I do?

         

        I have used the following APIs:

        SecItemAdd
        SecItemCopyMatching
        SecItemUpdate
        SecItemDelete

         

        Thanks.

        • Re: How to revoke "aways allow"/"allow" of keychain access?
          aiden.zhang Level 1 Level 1 (0 points)

          If the setting allows all applications to access this keychain item.

          And my question is how to allows all applications to access this item?(access to this item is not restricted)

          What should I use to set the attributes?

          kSecAttrAccess or kSecAttrAccessControl?

          And what is the value of the key?

          • Re: How to revoke "aways allow"/"allow" of keychain access?
            eskimo Apple Staff Apple Staff (11,835 points)

            When I uninstall this app and then install it again, that window will not show.

            Right, that’s expected.  Removing an app from the system does not (currently) remove its keychain items.  If you want to invalidate a keychain item when the app is uninstalled, you’ll need to write code to do that.  Exactly how you do it depends on how your app is installed and uninstalled.  On iOS this is always the same, but on macOS the user has a bunch of options.

            So, let’s start with a simple question: Is this a Mac App Store app?

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"

              • Re: How to revoke "aways allow"/"allow" of keychain access?
                aiden.zhang Level 1 Level 1 (0 points)

                Thank you very much.

                 

                And this is an Enterprise app.

                Now, I also want to know how to allows all applications to access the default keychain item?

                I know there are some attributes to control it.

                kSecAttrAccess
                kSecAttrAccessControl

                And I try to use them, but it doesn't work.

                Now, I have no idear.

                And I really want a example with attributes code.

                 

                Best Regards

                  • Re: How to revoke "aways allow"/"allow" of keychain access?
                    eskimo Apple Staff Apple Staff (11,835 points)

                    Now, I also want to know how to allows all applications to access the default keychain item?

                    This is tricky.  macOS has two keychain flavours:

                    • The original file-based keychain

                    • An iOS-style keychain database

                    Both of these make it hard to share items across teams.  So, when you say “all applications”, what do you mean?  All applications in your team?  Or literally all applications?

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"