1 Reply
      Latest reply on Mar 29, 2020 3:38 AM by eskimo
      tartempion Level 1 Level 1 (10 points)

        I'm trying to figure out whether it's possible to authenticate a user as an admin using Touch ID on macOS. And Using _public_ APIs (*)


        Basically, what I'm trying to achieve is:


        1. User clicks on a button to perform a task that can only performed by a user who is allowed to administer the computer.

        2. A standard security authentication dialog appears and allows to authenticate using Touch ID.

        3. A AuthenticationRef is retrieved.


        When I look at the Local Authentication API, I see multiple limitations (by design or not):


        - it lets you prove you are the current user. But it does not check that you are an admin user.


        - the dialog does not work as the one in Installer.app for instance:

          . if you move the authentication dialog to a screen corner and then click the User Password… button, the Password window is displayed on the center of the screen.


        - it does not seem possible to retrieve a AuthorizationRef.




        Are there public API or services that allows to check for admin privileges which support Touch ID?






        * I know it's possible using private frameworks since this for instance what the Startup Disk preference pane does.