Titanium JIRA Archive
Appcelerator Modules (MOD)

[MOD-2420] iOS: Ti.Identity - Can't access Keychain item from App Extension

GitHub Issuen/a
Resolution Date2018-05-11T10:19:07.000+0000
Affected Version/sn/a
Fix Version/sTi.Identity iOS 1.0.5
Labelsextension, keychain-access
ReporterDiego Freniche
AssigneeHans Knöchel


I want to store a string in the Keychain (using Ti.Identity) and read it back in an iOS Share Extension. This is simple to do while using a 100% native project. I've tried it using APSKeychainWrapper class (included in Ti.Identity) just to check that it works, and indeed it work. The problem is that using an Appcelerator app with an iOS extension, it doesn't work. Looking at the source code I've seen that you hardcoded the Keychain Service inside Ti.Identity here: https://github.com/appcelerator-modules/titanium-identity/blob/7683fe3045cd3f006d22f4127df16bbd1b890255/ios/Classes/TiIdentityKeychainItemProxy.m#L33 Maybe that's the problem. But I've tried even to generate the iOS project from Studio, then open it in Xcode and save something in the keychain, then reading from the extension and doesn't work. More details here: https://stackoverflow.com/questions/50137192/appcelerator-ios-app-how-to-read-keychain-value-from-share-extension/50140736#50140736 And there's a preconfigured, project sample to test this here: https://github.com/dfreniche/TestKeychain We need to read the keychain from an App Extension, and this is a big problem. Can't see why is not working: entitlements look fine, etc. etc. Can you create a sample of putting something inside keychain then reading back from an App Extension? Thanks!


  1. Hans Knöchel 2018-05-04

    Sorry, I don't think this is a Titanium issue. Your sample app is missing a few things that you could start with: - Missing <team-id> in the <ios> section of the tiapp.xml - Your "accessGroup" property contains 'group.test.projects', so it may misses the team-id-prefix In addition, you could validate it by opening the generated project and check for possible warnings there. And one side note: I see that you are logging the value with "print". I think there is a known Titanium bug that is about logs from extensions that do not show up in the Titanium console. So to debug, you could set a label with the contents to check if it may gets received properly already.
  2. Alan Hutton 2018-05-04

    Fixed issue with error message on resolve.
  3. Diego Freniche 2018-05-07

    Hi, - didn't know about the tag. Looks like an undocumented tag? Can't find any info about it here: https://wiki.appcelerator.org/display/guides2/tiapp.xml+and+timodule.xml+Reference - using the team-id-prefix with the keychain service solves the problem, BUT I needed to modify Ti.Identity module also (see below) - no problem with print statements. This is a known limitation of App Extensions (they don't print to the console). So I was attaching a debugger directly to the app extension and inspecting the vars.

    Problem with Ti.Identity:

    I think the problem is in this line: https://github.com/appcelerator-modules/titanium-identity/blob/7683fe3045cd3f006d22f4127df16bbd1b890255/ios/Classes/TiIdentityKeychainItemProxy.m#L33 Keychain service is hardcoded to service:@"ti.touchid". Once I change it to my app-prefix.my-app all works. Is it possible to change that value in Ti.Identity from JS? Thanks!
  4. Hans Knöchel 2018-05-07

    Thanks for the feedback! It is available since 5.0.0. I have added it to the [tiapp.xml docs](https://wiki.appcelerator.org/display/guides2/tiapp.xml+and+timodule.xml+Reference#tiapp.xmlandtimodule.xmlReference-team-id) and [extensions guide](https://wiki.appcelerator.org/display/DA/Integrate+a+Native+iOS+App+Extension+or+WatchKit+App) for reference. Regarding the service: We can make it available as a property and default to the old value, does that sound like a plan? I can extend the module over the week.
  5. Diego Freniche 2018-05-07

    Oh, that would perfect! If I can pass that keychain service I'll be happy! Sorry for not doing a PR, but I'm not proficient in the Appc side, just native dev trying to learn...
  6. Hans Knöchel 2018-05-08

    PR: https://github.com/appcelerator-modules/titanium-identity/pull/16 It contains a new property "service" that can be set during keychain-item creation. It defaults to "ti.touchid" for full backwards compatibility with existing use-cases. The new version is also drafted [here](https://github.com/appcelerator-modules/titanium-identity/releases/tag/ios-1.0.5) and can be tried out. [~dfreniche] Please try the 1.0.5 version and let me know if that works for you.
  7. Diego Freniche 2018-05-11

    I've been trying this change and it works! Both simulator + real device! Thanks a lot, finally got it working Hans!

JSON Source