I am trying to save a password in the keychain with the biometryCurrentSet SecAccessControl flag set. Saving and reading work as expected except if I add or remove a fingerprint. It still returns the password; I am expecting an error, as the documentation states the item will be invalidated.
https://developer.apple.com/documentation/security/secaccesscontrolcreateflags/2937192-biometrycurrentset
guard let accessControl = SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, SecAccessControlCreateFlags.biometryCurrentSet, nil) else {
    print("COULD NOT CREATE THE ACCESS CONTROL FLAGS!!!!!")
    return
}
guard let pword = password.data(using: String.Encoding.utf8) else {
    print("COULD NOT CREATE THE PASSWORD DATA!!!!!")
    return
}
let query: [String : Any] = [kSecClass as String : kSecClassGenericPassword as String,
                             kSecAttrService as String : service,
                             kSecAttrAccount as String : username,
                             kSecAttrAccessControl as String : accessControl,
                             kSecUseOperationPrompt as String : "Authenticate with biometrics",
                             kSecUseAuthenticationUI as String : kSecUseAuthenticationUIAllow as String,
                             kSecValueData as String : pword]
let status = SecItemAdd(query as CFDictionary, nil)
The problem was in my SecItemUpdate query: I was not including the access control flags.
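One way to keep the access control attached on every write, as an added example that is not the original poster's code: instead of SecItemUpdate it deletes any existing item and adds it again with kSecAttrAccessControl, so no write path can leave the item without biometryCurrentSet. The function names savePassword and readPassword are hypothetical.

```swift
import Foundation
import Security

// Hypothetical helper: every write goes through here, so the stored item
// always carries the .biometryCurrentSet access control.
func savePassword(_ password: String, service: String, username: String) -> OSStatus {
    guard let accessControl = SecAccessControlCreateWithFlags(
              kCFAllocatorDefault,
              kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
              .biometryCurrentSet,
              nil),
          let data = password.data(using: .utf8) else {
        return errSecParam
    }
    // Attributes that identify the item, shared by the delete and the add.
    let identity: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: username
    ]
    // Delete-then-add replaces the update path (a technique swapped in here).
    let deleteStatus = SecItemDelete(identity as CFDictionary)
    guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else {
        return deleteStatus
    }
    var addQuery = identity
    addQuery[kSecAttrAccessControl as String] = accessControl
    addQuery[kSecValueData as String] = data
    return SecItemAdd(addQuery as CFDictionary, nil)
}

// Hypothetical helper: returns the status with the value so the caller can
// tell a failed read (for example after the enrolled fingerprints changed)
// from a successful one and fall back to asking for the password again.
func readPassword(service: String, username: String) -> (password: String?, status: OSStatus) {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: username,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
        kSecUseOperationPrompt as String: "Authenticate with biometrics"
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let data = item as? Data else {
        return (nil, status)
    }
    return (String(data: data, encoding: .utf8), status)
}
```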