Skip to content

Allow explicitly set identifiers on all systems #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow explicitly set identifiers on all systems #348

wants to merge 1 commit into from
+10 −33

Conversation

@antons
Copy link

@antons antons commented Sep 24, 2025

I’m working on a suite of iOS and macOS apps that are going to share login information using iCloud Keychain. The apps will be distributed both on the App Store and directly, signed with Developer ID. As discussed in #140, switching between a directly distributed app and an App Store release shows a keychain prompt with the service identifier, so we have to use an explicitly set identifier. Since the items are synchronizable, we need to use the same explicitly set identifier on iOS. Currently Valet prevents this by restricting the explicitly set identifier APIs to macOS only. Would you be open to allowing the explicitly set identifier APIs on all systems? Ideally, I’d prefer to avoid maintaining a fork.

@CLAassistant
Copy link

CLAassistant commented Sep 24, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

dfed
dfed approved these changes Sep 24, 2025
View reviewed changes
Copy link
Collaborator

@dfed dfed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That seems reasonable to me! Thanks for sharing your reasoning. The documentation on these methods is reasonable regarding the downsides of using it. I'd like to add an addendum to Creates a Valet with an explicitly set kSecAttrService. along the lines of This API is intended for use with macOS applications where service identifiers can be user-facing.

Sound reasonable?

@antons
Copy link
Author

antons commented Sep 24, 2025

Yep, sounds reasonable! Updated, and fixed watchOS.

@dfed
Copy link
Collaborator

dfed commented Sep 24, 2025

Looking good @antons! Once the CLA is signed (and I'm awake – it's getting late here) I'll merge + publish a release.

@antons
Copy link
Author

antons commented Sep 24, 2025

@dfed I have submitted the CLA shortly after submitting the PR, and I’m not sure why it hasn’t registered. FYI, once this merges, I will have another pull request extending #297 to Valets with explicit identifiers.

@dfed
Copy link
Collaborator

dfed commented Sep 24, 2025

@efirestone can you lend a hand with the CLA bot?

@dfed
Copy link
Collaborator

dfed commented Oct 7, 2025

@pwesten aimilar ask: would love some insight into the ClA check failure given the above – @antons said they signed it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dfed dfed dfed approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@antons @CLAassistant @dfed