LAAuthenticationView does not work at all

Originator: ckrames1234
Number: rdar://FB10013283
Date Originated: 05-09-2022
Status: Open
Resolved:
Product: LocalAuthentication
Product Version: 12.3.1
Classification: Serious Bug
Reproducible: Always
 
If I make a new application from scratch in Xcode with default (automatic) code signing settings, I get this error when trying to display an LAAuthenticationView:

2022-05-09 19:13:39.622374+0200 TestApp[63150:4858424] [Client,SPI] pauseProcessedEvent:0 on LAContext[63150:1 uiDelegate:<LAAuthenticationView: 0x1431474c0>] cid:3 returned Error Domain=com.apple.LocalAuthentication Code=-1007 "Caller is not Apple signed." UserInfo={NSDebugDescription=Caller is not Apple signed., NSLocalizedDescription=Authentication denied.}

It seems like this API was not tested on a de-fanged machine. See the attached video and source code.

Comments

I reverse engineered the error message, and determined that it shows up when the “com.apple.private.CoreAuthentication.SPI” entitlement is missing. So, I did the following:

  1. Disabled SIP
  2. Added “amfi_get_out_of_my_way=1” to my boot-args
  3. Added the “com.apple.private.CoreAuthentication.SPI” entitlement to my app

Now the API works as expected (and it works great!)

It seems like a pretty clear fix, and this API seems to have been broken since it was introduced. Would it be possible to fix it?

By ckrames1234 at May 9, 2022, 6:35 p.m.
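
The three workaround steps in the comment above leave traces that can be audited on a host. The following is an added example, not part of the original report and not Apple's code: it parses captured output of `csrutil status`, `nvram boot-args` and an app's entitlements plist and lists which of the three conditions hold. The function names are hypothetical, the sample inputs are constructed, and treating any non-zero value of the boot-arg as "set" is a conservative assumption.

```python
import plistlib
import re

PRIVATE_PREFIX = "com.apple.private."
AMFI_BOOT_ARG = "amfi_get_out_of_my_way"

def sip_enabled(csrutil_output: str) -> bool:
    """Parse `csrutil status` text; anything but a clear 'enabled' counts as off."""
    m = re.search(r"System Integrity Protection status:\s*(\w+)", csrutil_output)
    return bool(m) and m.group(1).lower() == "enabled"

def amfi_bypassed(nvram_output: str) -> bool:
    """Parse `nvram boot-args` text and look for the AMFI boot-arg with a non-zero value."""
    _, _, args = nvram_output.partition("boot-args")
    for token in args.split():
        key, _, value = token.partition("=")
        if key == AMFI_BOOT_ARG and value.lower() not in ("", "0", "0x0"):
            return True
    return False

def private_entitlements(entitlements_xml: bytes) -> list[str]:
    """Return the com.apple.private.* keys granted in an entitlements plist (XML form)."""
    ents = plistlib.loads(entitlements_xml)
    return sorted(k for k, v in ents.items() if k.startswith(PRIVATE_PREFIX) and v)

def audit(csrutil_output: str, nvram_output: str, entitlements_xml: bytes) -> list[str]:
    """Collect one finding per weakened control or self-granted private entitlement."""
    findings = []
    if not sip_enabled(csrutil_output):
        findings.append("SIP is not enabled")
    if amfi_bypassed(nvram_output):
        findings.append("AMFI enforcement disabled via boot-args")
    for key in private_entitlements(entitlements_xml):
        findings.append(f"binary claims private entitlement {key}")
    return findings

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CSRUTIL = "System Integrity Protection status: disabled.\n"
SAMPLE_NVRAM = "boot-args\tamfi_get_out_of_my_way=1\n"
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.private.CoreAuthentication.SPI</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CSRUTIL, SAMPLE_NVRAM, SAMPLE_ENTITLEMENTS):
        print(finding)
```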
