Closed sebsto closed 1 year ago
The system call that fails is
Input parameters:
```
▿ 7 elements
  ▿ 0 : 2 elements
    - key : "m_Limit"
    - value : m_LimitOne
  ▿ 1 : 2 elements
    - key : "class"
    - value : "genp"
  ▿ 2 : 2 elements
    - key : "nleg"
    - value : 1
  ▿ 3 : 2 elements
    - key : "r_Data"
    - value : 1
  ▿ 4 : 2 elements
    - key : "acct"
    - value : "amplify.eu-central-1_Fg00pSzeu.eu-central-1:5ea63a60-b53c-4f73-b0eb-15fefa191099.session"
  ▿ 5 : 2 elements
    - key : "pdmn"
    - value : "cku"
  ▿ 6 : 2 elements
    - key : "svce"
    - value : "com.amplify.awsCognitoAuthPlugin"
```
It returns errSecItemNotFound
My default keychains do not contain any amplify related entries
```shell
➜ ~ security find -s com.amplify.awsCognitoAuthPlugin
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
➜ ~ security find -a amplify.eu-central-1_Fg00pSzeu.eu-central-1:5ea63a60-b53c-4f73-b0eb-15fefa191099.session
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
```
Thanks for reporting this. Amplify Library for Swift does not currently support applications developed as Command Line Tools, meaning developed via the `Command Line Tool` template with no bundle. The reason for this is that amplify-swift relies on the data protection keychain to store and retrieve values that are specific to the application. Therefore, apps using amplify-swift must include a provisioning profile and must be code signed with the `application-identifier` entitlement. This is not an issue for iOS apps, since they always include a provisioning profile and the required entitlements. However, for macOS this is not always the case.

`Command Line Tool` apps are not supported. Regular macOS apps are supported, but they may not always have the proper entitlements by default. For example, if you update an existing iOS app to natively support macOS, it may not have the required entitlements. A simple way to solve this is to add the `Keychain Sharing` capability. You do not need to add any keychain access groups. Because keychain sharing requires a provisioning profile, adding the capability adds the provisioning profile, which in turn adds the `application-identifier` and `team-identifier` entitlements to the app. Note that this only applies to native macOS apps. Apps running under Catalyst will always work as expected.

A workaround to develop CLI tools with Amplify Library for Swift is to wrap the tool in an app-like structure. For more details, see Apple's documentation on Signing a daemon with a restricted entitlement. Note that although this document is specific to daemons, many of the concepts can be applied to CLI tools as well. Depending on your CLI tool's functionality, you likely won't need the hardened runtime capability described in the document. You will, however, need a provisioning profile and `application-identifier` entitlement. As discussed above, this can be accomplished by adding the `Keychain Sharing` capability to the app. You can confirm the built app's entitlements with the following command:
```shell
codesign -d --entitlements :- <path to your app>
```
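The entitlement check described in the reply above, scripted as an added example; it is not part of the original thread or of amplify-swift. The sample dumps are constructed, and the `com.apple.`-prefixed key spellings used on macOS are an assumption not stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread or from amplify-swift.
# Reports which of the entitlements named in the reply are absent from a
# codesign entitlements dump (XML plist text).

# Constructed sample dumps (team ID and bundle ID are placeholders).
SAMPLE_SIGNED='<plist version="1.0"><dict>
<key>com.apple.application-identifier</key><string>ABCDE12345.com.example.mytool</string>
<key>com.apple.developer.team-identifier</key><string>ABCDE12345</string>
</dict></plist>'
SAMPLE_BARE='<plist version="1.0"><dict>
<key>com.apple.security.get-task-allow</key><true/>
</dict></plist>'

# has_key PLIST KEY...: succeeds if any KEY occurs as an exact <key> element.
has_key() {
    plist_text=$1
    shift
    for key in "$@"; do
        if printf '%s\n' "$plist_text" | grep -Fq "<key>$key</key>"; then
            return 0
        fi
    done
    return 1
}

# missing_entitlements: reads the dump on stdin. Prints the missing
# entitlements (space separated) and returns 1, or prints nothing and
# returns 0 when both are present.
missing_entitlements() {
    dump=$(cat)
    missing=""
    # Assumption: macOS signatures use com.apple.application-identifier,
    # iOS-style signatures use application-identifier.
    has_key "$dump" application-identifier com.apple.application-identifier ||
        missing="application-identifier"
    has_key "$dump" com.apple.developer.team-identifier ||
        missing="${missing:+$missing }team-identifier"
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# check_app PATH: the thread's codesign command piped into the check (macOS
# only). An unsigned binary yields no dump, so both entitlements are reported.
check_app() {
    codesign -d --entitlements :- "$1" 2>/dev/null | missing_entitlements
}

# Offline demonstration on the constructed samples.
printf '%s' "$SAMPLE_SIGNED" | missing_entitlements && echo "signed sample: ok"
printf '%s' "$SAMPLE_BARE" | missing_entitlements || echo "bare sample: entitlements missing"
```

On a Mac, `check_app <path to your app>` returns non-zero and names the missing entitlements, which makes it usable as a build-phase or CI gate.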
Thank you @ameter for the detailed answer.
thank you @ameter definitely helped!
Describe the bug
When using Amplify Library for Swift for a CLI macOS application, authentication fails because Amplify can not access the macOS keychain.
Error :
Steps To Reproduce
Expected behavior
Authentication should succeed for CLI applications
Amplify Framework Version
2.0.0
Amplify Categories
Auth
Dependency manager
Swift PM
Swift version
5.7
CLI version
10.3.0
Xcode version
14.0.1
Relevant log output
Log Messages
```shell
2022-10-21 11:01:33.618246+0200 DataStoreInit[14876:10301401] [Amplify] Adding plugin: AWSCognitoAuthPlugin.AWSCognitoAuthPlugin)
2022-10-21 11:01:33.653887+0200 DataStoreInit[14876:10301401] [Amplify] Configuring
2022-10-21 11:01:33.655481+0200 DataStoreInit[14876:10301401] [Amplify] Configuration: Optional(Amplify.AmplifyConfiguration(analytics: nil, api: Optional(Amplify.APICategoryConfiguration(plugins: ["awsAPIPlugin": Amplify.JSONValue.object(["amplifyiosworkshop": Amplify.JSONValue.object(["endpointType": Amplify.JSONValue.string("GraphQL"), "region": Amplify.JSONValue.string("eu-central-1"), "authorizationType": Amplify.JSONValue.string("AMAZON_COGNITO_USER_POOLS"), "endpoint": Amplify.JSONValue.string("https://ebamdwz4wreanlyzog5r65zocy.appsync-api.eu-central-1.amazonaws.com/graphql")])])])), auth: Optional(Amplify.AuthCategoryConfiguration(plugins: ["awsCognitoAuthPlugin": Amplify.JSONValue.object(["CredentialsProvider": Amplify.JSONValue.object(["CognitoIdentity": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object(["Region": Amplify.JSONValue.string("eu-central-1"), "PoolId": Amplify.JSONValue.string("eu-central-1:5ea63a60-b53c-4f73-b0eb-15fefa191099")])])]), "Auth": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object(["authenticationFlowType": Amplify.JSONValue.string("USER_SRP_AUTH"), "socialProviders": Amplify.JSONValue.array([Amplify.JSONValue.string("APPLE")]), "verificationMechanisms": Amplify.JSONValue.array([Amplify.JSONValue.string("EMAIL")]), "mfaConfiguration": Amplify.JSONValue.string("OFF"), "signupAttributes": Amplify.JSONValue.array([Amplify.JSONValue.string("EMAIL")]), "usernameAttributes": Amplify.JSONValue.array([]), "mfaTypes": Amplify.JSONValue.array([Amplify.JSONValue.string("SMS")]), "passwordProtectionSettings": Amplify.JSONValue.object(["passwordPolicyMinLength": Amplify.JSONValue.number(8.0), "passwordPolicyCharacters": Amplify.JSONValue.array([])]), "OAuth": Amplify.JSONValue.object(["SignInRedirectURI": Amplify.JSONValue.string("landmarks://"), "Scopes": Amplify.JSONValue.array([Amplify.JSONValue.string("phone"), Amplify.JSONValue.string("email"), Amplify.JSONValue.string("openid"), Amplify.JSONValue.string("profile"), Amplify.JSONValue.string("aws.cognito.signin.user.admin")]), "SignOutRedirectURI": Amplify.JSONValue.string("landmarks://"), "WebDomain": Amplify.JSONValue.string("amplifyiosworkshop1fca16b2-1fca16b2-dev.auth.eu-central-1.amazoncognito.com"), "AppClientId": Amplify.JSONValue.string("5o19mrb1f47nnorc3dp762miqg")])])]), "UserAgent": Amplify.JSONValue.string("aws-amplify/cli"), "S3TransferUtility": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object(["Bucket": Amplify.JSONValue.string("amplifyiosworkshop61538eb4d74f46d2a421826ec170395333-dev"), "Region": Amplify.JSONValue.string("eu-central-1")])]), "CognitoUserPool": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object(["Region": Amplify.JSONValue.string("eu-central-1"), "AppClientId": Amplify.JSONValue.string("5o19mrb1f47nnorc3dp762miqg"), "PoolId": Amplify.JSONValue.string("eu-central-1_Fg00pSzeu")])]), "AppSync": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object(["ApiUrl": Amplify.JSONValue.string("https://ebamdwz4wreanlyzog5r65zocy.appsync-api.eu-central-1.amazonaws.com/graphql"), "Region": Amplify.JSONValue.string("eu-central-1"), "ClientDatabasePrefix": Amplify.JSONValue.string("amplifyiosworkshop_AMAZON_COGNITO_USER_POOLS"), "AuthMode": Amplify.JSONValue.string("AMAZON_COGNITO_USER_POOLS")])]), "Version": Amplify.JSONValue.string("0.1.0"), "IdentityManager": Amplify.JSONValue.object(["Default": Amplify.JSONValue.object([:])])])])), dataStore: nil, geo: nil, hub: nil, logging: nil, predictions: nil, storage: Optional(Amplify.StorageCategoryConfiguration(plugins: ["awsS3StoragePlugin": Amplify.JSONValue.object(["region": Amplify.JSONValue.string("eu-central-1"), "bucket": Amplify.JSONValue.string("amplifyiosworkshop61538eb4d74f46d2a421826ec170395333-dev"), "defaultAccessLevel": Amplify.JSONValue.string("guest")])]))))
2022-10-21 11:01:33.658483+0200 DataStoreInit[14876:10301401] [Amplify] No plugin found for configuration key `awsAPIPlugin`. Add a plugin for that key.
2022-10-21 11:01:33.658548+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] Credential Store state change: notConfigured
2022-10-21 11:01:33.658555+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.notConfigured" = { }; }
2022-10-21 11:01:33.658593+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuth" = { }; }
2022-10-21 11:01:33.658703+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthConfiguration.swift Starting execution
2022-10-21 11:01:33.658755+0200 DataStoreInit[14876:10301401] [Amplify] No plugin found for configuration key `awsS3StoragePlugin`. Add a plugin for that key.
2022-10-21 11:01:33.658816+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Credential Store state change: migratingLegacyStore
2022-10-21 11:01:33.658880+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/MigrateLegacyCredentialStore.swift Starting execution
Amplify initialized authenticating
2022-10-21 11:01:33.663517+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/MigrateLegacyCredentialStore.swift Sending event CredentialStoreEvent.loadCredentialStore
2022-10-21 11:01:33.663574+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Credential Store state change: loadingStoredCredentials
2022-10-21 11:01:33.663591+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Starting execution
2022-10-21 11:01:33.663809+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Retreiving credential amplifyCredentials
2022-10-21 11:01:33.664419+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Sending event CredentialStoreEvent.throwError
2022-10-21 11:01:33.664467+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/IdleCredentialStore.swift Starting execution
2022-10-21 11:01:33.664479+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] No existing session found.
2022-10-21 11:01:33.664481+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/IdleCredentialStore.swift Sending event CredentialStoreEvent.moveToIdleState
2022-10-21 11:01:33.664502+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthConfiguration.swift Sending event AuthEvent.validateCredentialAndConfiguration
2022-10-21 11:01:33.664545+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ValidateCredentialsAndConfiguration.swift Starting execution
2022-10-21 11:01:33.664559+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ValidateCredentialsAndConfiguration.swift Sending event AuthEvent.configureAuthentication
2022-10-21 11:01:33.664578+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.validatingCredentialsAndConfiguration" = { }; }
2022-10-21 11:01:33.664599+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthenticationConfiguration.swift Starting execution
2022-10-21 11:01:33.664605+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] Credential Store state change: error(KeychainStoreError: Unable to find the keychain item Recovery suggestion: This should not happen. There is a possibility that there is a bug if this error persists. Please take a look at https://github.com/aws-amplify/amplify-ios/issues to see if there are any existing issues that match your scenario, and file an issue with the details of the bug if there isn't. Issue encountered at: file: /Users/stormacq/Library/Developer/Xcode/DerivedData/HandlingUserInput-cnaivyntveyxcmgypmkkafobwaeh/SourcePackages/checkouts/amplify-swift/AmplifyPlugins/Core/AWSPluginsCore/Keychain/KeychainStoreError.swift function: recoverySuggestion line: 69)
2022-10-21 11:01:33.664618+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthenticationConfiguration.swift Sending event AuthenticationEvent.configure
2022-10-21 11:01:33.664640+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] Credential Store state change: idle
2022-10-21 11:01:33.664647+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuthentication" = { "AuthenticationState.notConfigured" = { }; }; }
2022-10-21 11:01:33.664672+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ConfigureAuthentication.swift Start execution
2022-10-21 11:01:33.664689+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ConfigureAuthentication.swift Sending event AuthenticationEvent.initializedSignedOut
2022-10-21 11:01:33.664690+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuthentication" = { "AuthenticationState.configured" = { }; }; }
2022-10-21 11:01:33.664716+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ConfigureAuthentication.swift Sending event AuthEvent.authenticationConfigured
2022-10-21 11:01:33.664766+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthorizationConfiguration.swift Starting execution
2022-10-21 11:01:33.664777+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/InitializeAuthorizationConfiguration.swift Sending event AuthorizationEvent.configure
2022-10-21 11:01:33.664790+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuthentication" = { "AuthenticationState.signedOut" = { lastKnownUserName = "(nil)"; }; }; }
2022-10-21 11:01:33.664868+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuthorization" = { "AuthenticationState.signedOut" = { lastKnownUserName = "(nil)"; }; "AuthorizationState.notConfigured" = { }; }; }
2022-10-21 11:01:33.664907+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ConfigureAuthorization.swift Starting execution
2022-10-21 11:01:33.664915+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/ConfigureAuthorization.swift Sending event AuthEvent.authorizationConfigured
2022-10-21 11:01:33.664978+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configuringAuthorization" = { "AuthenticationState.signedOut" = { lastKnownUserName = "(nil)"; }; "AuthorizationState.configured" = { }; }; }
2022-10-21 11:01:33.665018+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configured" = { "AuthenticationState.signedOut" = { lastKnownUserName = "(nil)"; }; "AuthorizationState.configured" = { }; }; }
2022-10-21 11:01:33.665048+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/IntializeSignInFlow.swift Starting execution
2022-10-21 11:01:33.665049+0200 DataStoreInit[14876:10302001] [AWSCognitoAuthPlugin] Auth state change: { "AuthState.configured" = { "AuthenticationState.signingIn" = { "SignInState.notStarted" = { }; }; "AuthorizationState.signingIn" = { }; }; }
2022-10-21 11:01:33.665104+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Starting execution
2022-10-21 11:01:33.665110+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] Credential Store state change: loadingStoredCredentials
2022-10-21 11:01:33.665296+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Retreiving credential deviceMetadata(username: "sebsto")
2022-10-21 11:01:33.666003+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/LoadCredentialStore.swift Sending event CredentialStoreEvent.throwError
2022-10-21 11:01:33.666046+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/IdleCredentialStore.swift Starting execution
2022-10-21 11:01:33.666062+0200 DataStoreInit[14876:10301998] [AWSCognitoAuthPlugin] AWSCognitoAuthPlugin/IdleCredentialStore.swift Sending event CredentialStoreEvent.moveToIdleState
2022-10-21 11:01:33.666065+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] Credential Store state change: error(KeychainStoreError: Unable to find the keychain item Recovery suggestion: This should not happen. There is a possibility that there is a bug if this error persists. Please take a look at https://github.com/aws-amplify/amplify-ios/issues to see if there are any existing issues that match your scenario, and file an issue with the details of the bug if there isn't. Issue encountered at: file: /Users/stormacq/Library/Developer/Xcode/DerivedData/HandlingUserInput-cnaivyntveyxcmgypmkkafobwaeh/SourcePackages/checkouts/amplify-swift/AmplifyPlugins/Core/AWSPluginsCore/Keychain/KeychainStoreError.swift function: recoverySuggestion line: 69)
2022-10-21 11:01:33.666122+0200 DataStoreInit[14876:10302000] [AWSCognitoAuthPlugin] Credential Store state change: idle
2022-10-21 11:01:33.671148+0200 DataStoreInit[14876:10301999] [AWSCognitoAuthPlugin] No existing device metadata found.
AuthEnvironment(configuration: AWSCognitoAuthPlugin.AuthConfiguration.userPoolsAndIdentityPools(["pinpointAppId": "(nil)", "clientId": "5o19****miqg", "endpoint": "N/A", "clientSecret": "(nil)", "hostedUI": "[\"oauth\": \"[\\\"signInRedirectURI\\\": \\\"land****s://\\\", \\\"signOutRedirectURI\\\": \\\"land****s://\\\", \\\"domain\\\": \\\"ampl****.com\\\"]\", \"clientId\": \"5o19****miqg\", \"clientSecret\": \"(nil)\"]", "poolId": "eu-c****Szeu", "region": "
```
Is this a regression?
No
Regression additional context
No response
Device
macbookpro
iOS Version
macOS 12.6
Specific to simulators
n/a
Additional context
No response