I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password.
Specifically, I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic.
However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain.
Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?
Have you talked to me about this one-on-one yet? If not, please DTS code-level support request so I can share some info privately. Make sure you reference this DevForums thread when you submit your request.
However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked.
Yep. The system needs the user’s password to unlock the keychain.
Is this approach recommended … ?
It depends on your specific goals but, in general, authorisation plug-ins are something that you should avoid if you can. They are old, weird, and brittle.
I generally recommend that folks explore the Platform SSO space.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
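A defender-side check for the kind of change the question describes: read the mechanism list of the system.login.console right and compare it against a known-good baseline, flagging any swapped or added privileged mechanism. This is an added example, not code from the thread or from Apple; the sample plist and the baseline are constructed, and CustomAuthPlugin is a hypothetical name.

```python
import plistlib

# Constructed, abbreviated sample of what `security authorizationdb read
# system.login.console` prints on a machine where builtin:authenticate,privileged
# has been swapped for a hypothetical third-party mechanism. Not a real capture.
MODIFIED_RIGHT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>class</key><string>evaluate-mechanisms</string>
  <key>mechanisms</key><array>
    <string>builtin:policy-banner</string>
    <string>loginwindow:login</string>
    <string>builtin:login-begin</string>
    <string>builtin:auto-login,privileged</string>
    <string>CustomAuthPlugin:authenticate,privileged</string>
    <string>builtin:login-success</string>
    <string>loginwindow:success</string>
    <string>loginwindow:done</string>
  </array>
</dict></plist>"""

# Known-good mechanism list for the same right, as you would record it from an
# unmodified machine. Constructed here to match the sample above minus the swap.
BASELINE_MECHANISMS = [
    "builtin:policy-banner", "loginwindow:login", "builtin:login-begin",
    "builtin:auto-login,privileged", "builtin:authenticate,privileged",
    "builtin:login-success", "loginwindow:success", "loginwindow:done",
]


def audit_login_right(plist_bytes, baseline):
    """Compare a right's mechanism list against a baseline and return findings.
    Empty 'added' and 'removed' lists mean the right matches the baseline."""
    right = plistlib.loads(plist_bytes)
    current = right.get("mechanisms", [])
    added = [m for m in current if m not in baseline]
    removed = [m for m in baseline if m not in current]
    # Mechanisms suffixed ",privileged" run with root privileges, so an
    # unexpected one deserves the closest look.
    return {
        "added": added,
        "removed": removed,
        "privileged_added": [m for m in added if m.endswith(",privileged")],
        "password_auth_present": "builtin:authenticate,privileged" in current,
    }


if __name__ == "__main__":
    # On macOS, feed the live output of:
    #   security authorizationdb read system.login.console
    for key, value in audit_login_right(MODIFIED_RIGHT, BASELINE_MECHANISMS).items():
        print(f"{key}: {value}")
```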