This repository has been archived by the owner on May 18, 2021. It is now read-only.

TouchID instead of password when prompted for keychain access #272

Closed
nickatsegment opened this issue Jan 9, 2020 · 2 comments

@nickatsegment
Contributor

I'm willing to bet most users enter their password and click Always Allow. This actually opens you up to an attack by malware executing aws-okta.

I had a look at the native macOS docs, and I think this would be possible (I'm not an Objective C dev by any stretch).

If we can make macOS optionally support confirmation with TouchID, I bet some (ideally most) users would be willing to do TouchID every time.

We'd need support in the upstream keyring lib, and they'd need it in the upstream keychain lib. I opened an issue there: keybase/go-keychain#61.
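For reference, the macOS mechanism the proposal relies on is a keychain item with an access-control list that requires user presence. The following is an added illustration, not aws-okta or go-keychain code: it stores a generic-password item behind a Touch ID (or passcode fallback) ACL and reads it back, which makes the system prompt on every read and removes the "Always Allow" option. It assumes macOS 10.15+, a code-signed binary with an application identifier, the data-protection keychain, and constructed service/account names.

```objectivec
// Added example (not aws-okta or go-keychain code).
// Assumptions: macOS 10.15+, code-signed binary with an application identifier,
// and the data-protection keychain (required for items carrying an ACL).
#import <Foundation/Foundation.h>
#import <Security/Security.h>

static NSString *const kService = @"example.aws-okta.session"; // constructed
static NSString *const kAccount = @"example-profile";          // constructed

// Store `secret` so that every read requires biometry, falling back to the
// device passcode. BiometryCurrentSet also invalidates the item if the
// enrolled fingerprints change, which blocks "enroll a new finger" bypasses.
OSStatus StoreWithBiometry(NSData *secret) {
    CFErrorRef err = NULL;
    SecAccessControlRef acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        kSecAccessControlBiometryCurrentSet | kSecAccessControlOr |
            kSecAccessControlDevicePasscode,
        &err);
    if (acl == NULL) {
        if (err) CFRelease(err);
        return errSecParam;
    }
    NSDictionary *attrs = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: kService,
        (id)kSecAttrAccount: kAccount,
        (id)kSecValueData: secret,
        (id)kSecAttrAccessControl: (__bridge id)acl,
        (id)kSecUseDataProtectionKeychain: @YES,
    };
    OSStatus st = SecItemAdd((__bridge CFDictionaryRef)attrs, NULL);
    CFRelease(acl);
    return st;
}

// Each call triggers the system authentication sheet; unlike the legacy
// keychain dialog there is no "Always Allow" that a later process can reuse.
NSData *ReadWithBiometry(OSStatus *status) {
    NSDictionary *q = @{
        (id)kSecClass: (id)kSecClassGenericPassword,
        (id)kSecAttrService: kService,
        (id)kSecAttrAccount: kAccount,
        (id)kSecReturnData: @YES,
        (id)kSecMatchLimit: (id)kSecMatchLimitOne,
        (id)kSecUseDataProtectionKeychain: @YES,
        (id)kSecUseOperationPrompt: @"Unlock the aws-okta session credentials",
    };
    CFTypeRef out = NULL;
    *status = SecItemCopyMatching((__bridge CFDictionaryRef)q, &out);
    return (*status == errSecSuccess) ? (__bridge_transfer NSData *)out : nil;
}
```

Without the application-identifier entitlement, SecItemAdd on the data-protection keychain fails with errSecMissingEntitlement, which is the first thing to check when a write appears to succeed silently or not at all.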

@nickatsegment
Contributor Author

I got what I think should work compiling in https://github.com/segmentio/aws-okta/compare/nickatsegment/v2.0.0-rc1...go-keychain-touchid?expand=1 (based on v2.0.0 rc1). It says it writes the keychain item, but doesn't actually appear to do it. No error is returned. :(

I see some stuff in the Console about it, but this is true of regular aws-okta, and they're super opaque and ungoogleable.

@nickatsegment
Contributor Author

#278
