8 Replies
      Latest reply on Jul 2, 2019 1:33 PM by JWWalker
      m.gansrigler Level 1 (0 points)

        Hi all.

         

        A customer of my app Yoink has an issue with it. When he tries to drag a file to it, the console reports this:

        "Error Domain=NSCocoaErrorDomain Code=256 "Failed to retrieve app-scope key" UserInfo={NSDebugDescription=Failed to retrieve app-scope key}"

         

        The app, as soon as it retrieves an NSURL via drag and drop, creates a security-scoped bookmark from it (the entitlements are set correctly, of course, because for me and everyone else who uses this app, except this one person, it works fine).

         

        So, now my question is, what causes "Failed to retrieve app-scope key"?

         

        The app creates the bookmark like this:

        NSError *err = nil;
        NSURLBookmarkCreationOptions options = NSURLBookmarkCreationWithSecurityScope;

        // First attempt: read/write security-scoped bookmark.
        NSData *bmData = [fileURL bookmarkDataWithOptions:options
                           includingResourceValuesForKeys:nil
                                            relativeToURL:nil
                                                    error:&err];

        // Fallback: read-only scope, for files the user can only read.
        if (bmData == nil) {
            bmData = [fileURL bookmarkDataWithOptions:options | NSURLBookmarkCreationSecurityScopeAllowOnlyReadAccess
                       includingResourceValuesForKeys:nil
                                        relativeToURL:nil
                                                error:&err];
        }
        

        (I repeat the bookmark creation if it failed the first time, because for files that the user only has read-access to, the first creation will fail.)

         

        Thank you for your help and input,

        - Matt

        • Re: "Failed to retrieve app-scope key" in sandboxed app
          m.gansrigler Level 1 (0 points)

          Sorry for the bump, but does anyone have any insight into this?

           

          Thank you kindly!

          - Matt

          • Re: "Failed to retrieve app-scope key" in sandboxed app
            eskimo Apple Staff (11,655 points)

            I can see two potential causes for this:

            1. something is borked with code signing on the user’s machine — The scoped bookmark machinery needs to be able to get the code signature of your app in order to do its magic, and if that failed you’d get an error like this.

            2. something is borked with the user’s keychain — The scoped bookmark machinery stores a secret in the keychain (you can see it in Keychain Utility by searching for “com.apple.scopedbookmarksagent.xpc”) and you’d get this error if that was failing somehow.

            Of these, #2 seems most likely.  It’s also easy to test.  Have the user create a new account and repeat their test in that account.  The new account will have a new keychain, and thus avoid any potential borkage with the user’s current keychain.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"
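
Added example, not part of the thread and not Yoink's code: the question's snippet passes the same `err` to both attempts, so the read-only retry can overwrite the first failure. This version keeps one error per attempt and recognises the console error quoted in the question, so a support log can separate it from an ordinary permissions failure. `IsAppScopeKeyFailure` and `CreateScopedBookmark` are hypothetical names, and the `/tmp/example.txt` path is constructed.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper: YES when the error matches the console line quoted in
// the question (NSCocoaErrorDomain, code 256, "app-scope key" in the debug text).
static BOOL IsAppScopeKeyFailure(NSError *error) {
    NSString *debug = error.userInfo[@"NSDebugDescription"];
    return [error.domain isEqualToString:NSCocoaErrorDomain]
        && error.code == 256
        && [debug isKindOfClass:[NSString class]]
        && [debug containsString:@"app-scope key"];
}

// Hypothetical helper: read/write attempt first, read-only second, with a
// separate NSError per attempt so the retry cannot overwrite the first failure.
static NSData *CreateScopedBookmark(NSURL *fileURL, NSError **outError) {
    NSURLBookmarkCreationOptions options = NSURLBookmarkCreationWithSecurityScope;
    NSError *rwError = nil, *roError = nil;
    NSData *data = [fileURL bookmarkDataWithOptions:options
                     includingResourceValuesForKeys:nil
                                      relativeToURL:nil
                                              error:&rwError];
    if (data == nil) {
        options |= NSURLBookmarkCreationSecurityScopeAllowOnlyReadAccess;
        data = [fileURL bookmarkDataWithOptions:options
                 includingResourceValuesForKeys:nil
                                  relativeToURL:nil
                                          error:&roError];
    }
    if (data == nil && outError != NULL) {
        // Surface the app-scope-key error if either attempt produced it.
        *outError = IsAppScopeKeyFailure(rwError) ? rwError : roError;
    }
    return data;
}

int main(void) {
    @autoreleasepool {
        // Constructed path; in the app this is the NSURL received from the drop.
        NSURL *url = [NSURL fileURLWithPath:@"/tmp/example.txt"];
        NSError *error = nil;
        if (CreateScopedBookmark(url, &error) == nil) {
            NSLog(@"%@: %@", IsAppScopeKeyFailure(error)
                  ? @"Keychain or code-signing problem on this account"
                  : @"Bookmark creation failed", error);
        }
    }
    return 0;
}
```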

              • Re: "Failed to retrieve app-scope key" in sandboxed app
                m.gansrigler Level 1 (0 points)

                Hey, eskimo!

                 

                Sorry for reviving this thread, but I was wondering - is there a way for the user to repair their keychain or the code signing machinery, without having to create a new user account?

                 

                Thank you kindly,

                Matt

                  • Re: "Failed to retrieve app-scope key" in sandboxed app
                    eskimo Apple Staff (11,655 points)

                    Well, creating a new user account is just a diagnostic test; I wouldn’t expect that to be the final solution to this problem.

                    Is this happening to you?  Or to one of your app’s users?

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"

                      • Re: "Failed to retrieve app-scope key" in sandboxed app
                        m.gansrigler Level 1 (0 points)

                        Thank you for getting back to me.

                         

                        I've had about 3 users with this particular error so far. One was content with creating a new user, the other two aren't savvy enough to do it, and I wouldn't want anyone to create a new user account just because of my app, anyway.

                        So a repair for the keychain or something like that would be wonderful.

                          • Re: "Failed to retrieve app-scope key" in sandboxed app
                            eskimo Apple Staff (11,655 points)

                            I’m reluctant to offer advice on this front.  The folks who are experts at resolving user issues like this one are AppleCare.

                            If this were my Mac I’d reset the keychain by:

                            1. In Keychain Access, creating a temporary keychain

                            2. Setting it as the default

                            3. Removing the old keychain from the search list

                            4. In the Finder, moving that file aside

                            5. Back in Keychain Access, creating another new keychain, this time called login

                            6. Making it the default

                            7. Removing the temporary keychain

                            The problem with recommending this to non-technical users is that a) it’s not easy to do, and b) it might interact badly with various user scenarios, most notably iCloud Keychain.

                            Share and Enjoy

                            Quinn “The Eskimo!”
                            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                            let myEmail = "eskimo" + "1" + "@apple.com"

                      • Re: "Failed to retrieve app-scope key" in sandboxed app
                        JWWalker Level 1 (0 points)

                        I was getting this error when trying to give sandbox access to BBEdit, and when I searched for “com.apple.scopedbookmarksagent.xpc” in Keychain Access, I found such an item in two different keychains.  I deleted both items and rebooted.  Now the problem seems to be fixed, so thanks very much for the information, Quinn.