kSecUseDataProtectionKeychain and CredentialsManager

When I want to log in on macOS, CredentialsManager stores the credentials in the login keychain. This is a problem, since it results in a scary popup for users. Since CredentialsManager is an Auth0 product aiming to solve our login problems, there should be some way to ensure macOS 10.15+ users benefit from the kSecUseDataProtectionKeychain, which will never show these scary prompts to our users.

I noticed that SimpleKeychain already supports this attribute, but SimpleKeychain is quite a bit more annoying to implement when all we need is this one attribute set.

Is there a feature coming to CredentialsManager to support kSecUseDataProtectionKeychain?

Actually, I think I may have figured out a workaround until there’s proper support.

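        import Auth0
        import SimpleKeychain

        // Use the data protection keychain on OS versions that support the attribute;
        // older systems fall back to SimpleKeychain's default storage.
        let keychain = if #available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *) {
            SimpleKeychain(attributes: [kSecUseDataProtectionKeychain as String: true])
        } else {
            SimpleKeychain()
        }

        // Pass the configured keychain to CredentialsManager as its storage.
        credentialsManager = CredentialsManager(authentication: Auth0.authentication(
            clientId: AUTH0_CLIENT_ID, domain: AUTH0_DOMAIN, session: .shared
        ), storage: keychain)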
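A check that can run before choosing the storage in the workaround above, as an added example that is not part of the original post or of Auth0's SDKs. It assumes the usual macOS behaviour that the data protection keychain returns `errSecMissingEntitlement` to a process signed without an application identifier or keychain access group; the names `canUseDataProtectionKeychain`, `makeCredentialStorage` and the probe service string are hypothetical.

```swift
import Foundation
import Security
import SimpleKeychain

/// Hypothetical helper: writes and removes a throwaway item to find out whether
/// this process is allowed to use the data protection keychain.
@available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *)
func canUseDataProtectionKeychain(service: String = "example.keychain-probe") -> Bool {
    // Constructed sample item; it never holds a real secret.
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: "probe",
        kSecUseDataProtectionKeychain as String: true
    ]
    _ = SecItemDelete(base as CFDictionary)  // clear a leftover probe, if any

    var add = base
    add[kSecValueData as String] = Data("probe".utf8)
    let status = SecItemAdd(add as CFDictionary, nil)
    defer { _ = SecItemDelete(base as CFDictionary) }

    if status == errSecMissingEntitlement {
        // Typical for unsigned builds, command-line tools and some test runners.
        return false
    }
    return status == errSecSuccess
}

/// Hypothetical factory: opts in to the data protection keychain only when the
/// probe succeeds, so saving credentials does not fail later at runtime.
func makeCredentialStorage() -> SimpleKeychain {
    if #available(iOS 13.0, macOS 10.15, macCatalyst 13.0, tvOS 13.0, watchOS 6.0, *),
       canUseDataProtectionKeychain() {
        return SimpleKeychain(attributes: [kSecUseDataProtectionKeychain as String: true])
    }
    // Fallback: default storage (the login keychain on macOS).
    return SimpleKeychain()
}
```

Items saved before the switch stay in the file-based login keychain and are not returned by queries that target the data protection keychain, so existing users have to log in once more unless the stored credentials are migrated.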

Hi @colin.lee,

Welcome to the Auth0 Community!

Thanks for your post and workaround! I have reached out to the SDK team to see if there are any plans for this update, and I will let you know what I hear back.

Thanks,

Mary Beth

Hi @colin.lee,

The team has gotten back to me! We have a reference to kSecUseDataProtectionKeychain in the SimpleKeychain library. Is the ask to support this in any particular SDK?

Thanks,

Mary Beth
