iOS SFHFKeychainUtils failing *sometimes* with error -25308 errSecInteractionNotAllowed
I have this code getting back a password from the keychain for a given username NSString:
NSError *error = nil; NSString *appName = [[[NSBundle mainBundle] infoDictionary] objectForKey:(NSString*)kCFBundleNameKey]; NSString *pw = [SFHFKeychainUtils getPasswordForUsername:username andServiceName:appName error:&error]; if(error != nil) // log the error
Most of the time for most users this all works fine – but for some specific users this call seems to fail (and carry on failing) where it returns the following error:
The operation couldn’t be completed. (SFHFKeychainUtilsErrorDomain error -25308.)
This is apparently errSecInteractionNotAllowed – which from what I’ve read I think this means some kind of user interaction is required for the keychain to be accessed.
Does anyone have any idea why this call may be failing for some specific users only? This keychain entry is specific to my app – so why would any user interaction be required to access it?
Any pointers much appreciated…
Solutions Collect From Internet About “iOS SFHFKeychainUtils failing *sometimes* with error -25308 errSecInteractionNotAllowed”
OK so I worked this out finally.
Eventually I worked out the users who were having problems had set a lock code on their phone. If the phone was locked the keychain system was returning this -25308 error.
If you only ever need to access the keychain when the app is active in the forground you would never see this issue – but if you need to carry on processing when the phone is locked or if the app is in background then you would see it.
Elsewhere I’d read that the default access attribute for the kechain system is kSecAttrAccessibleAlways – but I think that is out of date. It seems the default access attribute for the keychain system is such that when the phone is locked with a pin code then the items are unavailable.
The fix for this is to change the SFHFKeychainUtils code to set a specific kSecAttrAccessible attribute on the keychain items it manages (which the original code did not do – presumably as it pre-dated these attributes).
This wordpress updated version of the SFHFKeychainUtils code has the fixes in it – search for kSecAttrAccessible to see where they have added the accessible attribute code.
Hope this helps anyone else running into this…
- get the latest podcasts from itunes store with link by RSS, JSON or something
- Objective-C Difference between setting nil and releasing
- Objective-C Class Reference: Symbols not found error
- what is the difference between Delegate and Notification?
- How do chat iOS applications communicate?
- Cocoa podspec and path for dependency
- How to find out if user pressed call or cancel button when making call from my app?
- Is UIView superview property weak or strong?
- Xcode tree conflicts on merge
- Use of unresolved identifier NSCalendarUnitDay
- xcode 8 error denied by service delegate (SBMainWorkspace)
- SwiftyJSON Performance Issues
- Understanding pointers?
- application Icon Badge Number in ios5
- Best Way to check for iOS 7 or earlier?