Unlocking TouchID after LAErrorBiometryLockout error

Hi,

I'm looking for best practices for unlocking TouchID in a Mac app when using canEvaluatePolicy.

Documentation says:

Biometric authentication will get locked after 5 unsuccessful attempts. After that, users have to unlock it by entering their account password. The password can be entered either at login window or in the preference sheets or even in application by the means of LAPolicyDeviceOwnerAuthentication. The system unlock is preferred user experience because we generally don't want users to enter their account password at application's request.

So if we shouldn't manage the Mac's password in the app, how do we invite the user to unlock?

Explaining that he must lock/unlock the session or open any preference panel isn't a fluent experience and would definitely seem weird.

I tried adding an 'Unlock' button in an alert and locking the screen automatically, but this raises extra complexities:

  • pmset can put the screen to sleep but won't lock in case of grace period
  • sending a cmd-ctl-Q AppleEvent to System Events could fit, but it depends on user acceptance for AEs and fails when System Events isn't running.

Any ideas?

Extra context information: the app must be sandboxed, so the AppleEvent seems a no-go.
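
The in-app path named in the quoted documentation, as an added example that is not part of the original post: detect the lockout error and re-evaluate with LAPolicyDeviceOwnerAuthentication, so the account password is typed into the system-owned dialog and never reaches the app. The helper names `authenticate`, `isBiometryLockout`, `unlockWithPassword` and the `AuthOutcome` type are assumptions, and `LAError.biometryLockout` assumes macOS 10.13 or later.

```swift
import Foundation
import LocalAuthentication

// Hypothetical result type for this example.
enum AuthOutcome {
    case success
    case failed(Error?)
}

// True only for the lockout reported after repeated failed biometric attempts.
func isBiometryLockout(_ error: Error?) -> Bool {
    guard let e = error as NSError? else { return false }
    return e.domain == LAErrorDomain && e.code == LAError.biometryLockout.rawValue
}

// The system draws the password prompt; the app only receives the Bool result.
func unlockWithPassword(reason: String, completion: @escaping (AuthOutcome) -> Void) {
    let context = LAContext() // fresh context, no state carried over from the failed one
    context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason) { ok, error in
        completion(ok ? .success : .failed(error))
    }
}

// Biometrics first; the password policy is used only when biometry is locked out.
func authenticate(reason: String, completion: @escaping (AuthOutcome) -> Void) {
    let context = LAContext()
    var probeError: NSError?
    let policy = LAPolicy.deviceOwnerAuthenticationWithBiometrics

    guard context.canEvaluatePolicy(policy, error: &probeError) else {
        // Already locked out before prompting (the case in the question).
        if isBiometryLockout(probeError) {
            unlockWithPassword(reason: reason, completion: completion)
        } else {
            completion(.failed(probeError)) // not enrolled, no sensor, etc.
        }
        return
    }

    context.evaluatePolicy(policy, localizedReason: reason) { ok, error in
        if ok {
            completion(.success)
        } else if isBiometryLockout(error) {
            // The lockout was reached during this very prompt.
            unlockWithPassword(reason: reason, completion: completion)
        } else {
            completion(.failed(error)) // user cancel, system cancel, ...
        }
    }
}
```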
