This repository has been archived by the owner on Dec 15, 2022. It is now read-only.
Summary
Enable by default or optionally in macOS the access control flags that require authentication with a passcode or Touch ID to access keys created by this library.
Motivation
macOS and iOS users are trained to the idea that password access requires unlocking the keychain via a passcode or Touch ID. It seems very odd to be able to instantly access passwords without this behavior in macOS. This library currently provides no interface to enable these access control features.
Enabling this feature also ensures that other applications cannot access the secrets, at least without the user consenting to them doing so.
Describe alternatives you've considered
This same effect can be simulated using a separate library only for Touch ID validation before accessing the keychain, but that's window dressing compared to actually requiring authentication to access the secrets in the macOS keychain.
Additional context
I believe this is the method that sets the access control flags for newly created keychain items.
https://developer.apple.com/documentation/security/1394452-secaccesscontrolcreatewithflags
I have tested this by manually changing the access control options in the keychain, and the getPassword(...) feature in this library works well with the various options enabled.
@traviscollins Is this issue about allowing the option to use TouchID to authorize Keychain access? Normally you have to enter your password to do that, and that can get tedious.
macOS has the SecAccessControlCreateFlags type that allows you to define simple or complex combinations of authentication to access passwords in the keychain. This library should allow the developer to at least set the "require password or Touch ID" configuration. That would allow apps that use this package to present macOS users with a familiar and more secure experience.
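The behaviour requested in this thread, sketched in Swift against Apple's Security framework. This is an added example, not code from this library or from anyone in the thread; the helper names and the service/account parameters are hypothetical. It assumes macOS 10.15 or later and a code-signed app carrying the entitlement needed to use the data protection keychain.

```swift
import Foundation
import Security
// Hypothetical helpers for illustration; not this library's API.
enum KeychainError: Error { case accessControl(String), status(OSStatus), unexpectedData }

// Access control: readable only while this device is unlocked, and only
// after Touch ID or the account password succeeds (.userPresence).
func userPresenceAccessControl() throws -> SecAccessControl {
    var cfError: Unmanaged<CFError>?
    guard let control = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .userPresence,
        &cfError) else {
        let reason = cfError.map { String(describing: $0.takeRetainedValue()) } ?? "unknown"
        throw KeychainError.accessControl(reason)
    }
    return control
}

// Attributes shared by add, delete and lookup. SecAccessControl applies to the
// data protection keychain, so every call opts in to it explicitly.
func baseQuery(service: String, account: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecUseDataProtectionKeychain as String: true,
    ]
}

func storeProtected(service: String, account: String, secret: Data) throws {
    var item = baseQuery(service: service, account: account)
    _ = SecItemDelete(item as CFDictionary)  // drop any earlier copy of the item
    item[kSecAttrAccessControl as String] = try userPresenceAccessControl()
    item[kSecValueData as String] = secret
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Reading triggers the system authentication prompt; a cancelled prompt
// surfaces as errSecUserCanceled rather than as missing data.
func readProtected(service: String, account: String) throws -> Data {
    var query = baseQuery(service: service, account: account)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    guard let data = result as? Data else { throw KeychainError.unexpectedData }
    return data
}
```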