I am building an app where people need to be able to share a photo from the iOS photos app. To do so people need to be logged in into the app.
So I created a new iOS target for the sharing. Now I am using KeychainItemWrapper to store user credentials. So both the main target as wel as the share-sheet target use the iOS Keychain to retrieve the login information.
Now when I log out from the main app, and then login as a different user, and after that I start the share sheet, it looks like the share sheet still has the old data from the previous user.
How is that possible? How can I make sure both targets always use the latest and greatest data from the keychain?
#import "KeychainManager.h"
#import "KeychainItemWrapper.h"
NSString * const CREDENTIALS_IDENTIFIER = @"credentials";
NSString * const COOKIES_IDENTIFIER = @"cookies";
static KeychainManager *keychainManager;
@implementation KeychainManager
+ (instancetype)sharedCredentailsManager {
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
keychainManager = [[KeychainManager alloc] init];
});
return keychainManager;
}
#pragma mark - Getter
- (KeychainItemWrapper *)credentialsKeychainItem {
return [[KeychainItemWrapper alloc] initWithIdentifier:CREDENTIALS_IDENTIFIER accessGroup:nil];
}
- (KeychainItemWrapper *)cookiesKeychainItem {
return [[KeychainItemWrapper alloc] initWithIdentifier:COOKIES_IDENTIFIER accessGroup:nil];
}
- (NSString *)domainName {
NSString *domainName = [self.credentialsKeychainItem objectForKey:(__bridge id)(kSecAttrService)];
return (domainName.length > 0) ? domainName : @"";
}
- (NSString *)userName {
NSString *userName = [self.credentialsKeychainItem objectForKey:(__bridge id)(kSecAttrAccount)];
return (userName.length > 0) ? userName : @"";
}
- (NSString *)password {
NSData *password = [self.credentialsKeychainItem objectForKey:(__bridge id)(kSecValueData)];
if ([password isKindOfClass:[NSString class]] && password.length > 0) {
return (NSString *)password;
} else if ([password isKindOfClass:[NSData class]] && password.length > 0) {
NSString *passwordString = [[NSString alloc] initWithData:password encoding:NSUTF8StringEncoding];
return (passwordString.length > 0) ? password : @"";
} else {
return @"";
}
}
- (NSArray *)cookies {
NSLog(@"Getting cookies");
NSData *cookieData = [self.cookiesKeychainItem objectForKey:(__bridge id)(kSecAttrAccount)];
if ([cookieData isKindOfClass:[NSData class]] && cookieData.length > 0) {
NSArray *array = [NSKeyedUnarchiver unarchiveObjectWithData:cookieData];
NSLog(@"%lu cookies in keychain", (unsigned long)array.count);
return array;
} else {
NSLog(@"No cookies found in KeyChain");
return nil;
}
}
#pragma mark - Setter
- (void)setDomainName:(NSString *)domainName {
[self.credentialsKeychainItem setObject:domainName forKey:(__bridge id)(kSecAttrService)];
}
- (void)setUserName:(NSString *)userName {
[self.credentialsKeychainItem setObject:userName forKey:(__bridge id)(kSecAttrAccount)];
}
- (void)setPassword:(NSString *)password {
[self.credentialsKeychainItem setObject:password forKey:(__bridge id)(kSecValueData)];
}
- (void)setCookies:(NSArray *)cookies {
NSMutableArray *mutableCookies = [[NSMutableArray alloc] init];
for (NSHTTPCookie *cookie in cookies) {
NSLog(@"storing cookie: %@", cookie);
NSDictionary *cookieProperties = cookie.properties;
[mutableCookies addObject:cookieProperties];
}
NSArray *unmutableCookies = [mutableCookies copy];
NSData * encodedData = [NSKeyedArchiver archivedDataWithRootObject:unmutableCookies];
[self.cookiesKeychainItem setObject:encodedData forKey:(__bridge id)(kSecAttrAccount)];
}
# pragma mark - Clear data
- (void)clearAll {
[self clearCredentials];
[self clearCookies];
}
- (void)clearCredentials {
[self.credentialsKeychainItem resetKeychainItem];
}
- (void)clearCookies {
[self.cookiesKeychainItem resetKeychainItem];
}
@end
So the symptoms are that the functions to get username, password, domain or cookies all give different results between different targets of the same app.
I found the problem. I had to setup Keychain sharing in the entitlements of both targets.
A guide on how to set this is found here:
http://evgenii.com/blog/sharing-keychain-in-ios/
Then you have to store your Keychain items in an access group. When I tried that, the KeychainItemWrapper gave some Assertion Failures when I wanted to store something in the Keychain, which I then could solve using the following link: KeychainItemWrapper error when specifying an access group