I am describing a problem for which it took me quite some time to learn the answer.
The "GenericKeychain" example is a good start at providing a wrapper for sharing keychain data between applications when using the accessGroup in the init.
However, implementing this in my app yielded an obscure error code (which took forever to locate) -25243, which means: No access control.
I ran Apple's example app (GenericKeychain) on my iPad only to get the same error. Huh?
Does Apple's documentation fail to deliver on what is necessary to accomplish this?
Sharing keychain items between multiple targets of the same app, or between different apps that belong to the same developer, relies on the concept of an access group — a collection of targets that all share a common keychain group.
App groups allow multiple apps produced by a single development team to access shared containers and communicate using interprocess communication (IPC). Apps may belong to one or more app groups. Apps within an app group share access to a group container.
SecItemCopyMatching(_:_:) Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
Everything stored in iCloud Keychain is secure—it's protected by industry-standard encryption. Your iCloud Keychain can't be set up on another Mac or iOS or iPadOS device unless you approve it.
After some (a lot of) digging throughout the web, I found the answer. The access Group that you use when constructing your KeychainItemWrapper class must ALSO be specified in each of your application's Entitlements.plist file in the "keychain-access-groups" section.
It seems almost obvious now that I see "keychain-access-groups". However, I had no idea to even look there. Hope this helps others.
Actually it's not hard to do. Please follow the steps.
App1:
And add these codes to somewhere you need.
[UICKeyChainStore setString:@"someValue" forKey:@"someKey" service:@"someService"];
App2:
And add these codes to somewhere you need.
NSString *string = [UICKeyChainStore stringForKey:@"someKey" service:@"someService"];
Your TeamIDs should be same for both projects.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With