
Keychain Access for API requests triggers alert


I store the token received from an API sign in process in the user's keychain. Then for all further requests to the API I get the token from the keychain to send to the API. This happens with each request made to the API. As I have understood, the keychain is the right place to store sensitive information, so I'm not storing the token in the user defaults.

On iOS everything works as expected, but on macOS, there's an alert appearing that the App wants access to the keychain. The user can then select to allow it once or to allow it always. This has two major issues:

  1. if the user chooses "once" the dialog will appear over and over again with each request the App does.

  2. if the user chooses "always" the dialog will not appear for some time, but after a while it will reappear nevertheless.

Why is this behavior totally different between iOS and macOS? Or did I forget to configure something?

From a security point of view, would it be okay to read the token once at the start of the app and store it in a property?


Solution

  • Although the Keychain on iOS and macOS share lots of similarities, there is one big difference between the two. iOS only has a single Keychain, whereas macOS can create any amount of Keychains. You can find more info on that here.

    This means that we will have to tell the macOS Keychain to behave like the iOS Keychain, which we can do via the kSecUseDataProtectionKeychain key, documented here. Setting this flag to true should solve your issue.
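
A sketch of the fix the answer describes, added here as an example and not code from the original post: the same query dictionary, carrying `kSecUseDataProtectionKeychain`, is used for both writing and reading the token. The service and account strings and the `TokenStoreError` type are hypothetical names chosen for this example.

```swift
import Foundation
import Security

// Hypothetical identifiers for this example; use your app's own values.
let tokenService = "com.example.myapp.api"
let tokenAccount = "api-token"

enum TokenStoreError: Error { case status(OSStatus), undecodable }

// Every call must carry the flag; a query without it targets the
// file-based macOS keychain, which is the one that shows the access alert.
func baseQuery() -> [String: Any] {
    [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: tokenService,
        kSecAttrAccount as String: tokenAccount,
        kSecUseDataProtectionKeychain as String: true, // macOS 10.15+, iOS 13+
    ]
}

func saveToken(_ token: String) throws {
    let data = Data(token.utf8)
    var add = baseQuery()
    add[kSecValueData as String] = data
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
    var status = SecItemAdd(add as CFDictionary, nil)
    if status == errSecDuplicateItem {
        // Token already stored (e.g. after a re-login): replace its value.
        let change = [kSecValueData as String: data]
        status = SecItemUpdate(baseQuery() as CFDictionary, change as CFDictionary)
    }
    // On macOS, errSecMissingEntitlement (-34018) here means the binary is
    // not signed with an application identifier or keychain access group.
    guard status == errSecSuccess else { throw TokenStoreError.status(status) }
}

func loadToken() throws -> String? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil } // not signed in yet
    guard status == errSecSuccess else { throw TokenStoreError.status(status) }
    guard let data = item as? Data,
          let token = String(data: data, encoding: .utf8) else {
        throw TokenStoreError.undecodable
    }
    return token
}
```

A token saved earlier without the flag lives in the file-based keychain and is not returned by these queries, so it has to be saved again (for example at the next sign-in) before `loadToken()` finds it.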