ios keychain entitlements

OSStatus error:[-34018] Internal error when a required entitlement isn't present error on device


I am trying to implement keychain sharing using KeychainAccess. I have built two very basic applications: App One that writes a string to a shared keychain, and App Two that reads the data from the shared keychain and displays it.

My code for App One:

    override func viewDidLoad() {
        super.viewDidLoad()

        // Save item to the shared keychain
        let keychain = Keychain(service: "app.test", accessGroup: "xxxxx.xxxxx.xxxxx.Keychain-Sharing")

        do {
            try keychain.set("Some Data Set in app one", key: "sharedData")
            print("Success")
            label.text = "Success"
        }
        catch let error {
            print("Keychain write failed: \(error)")
            label.text = "Keychain write failed: \(error)"
        }
    }

My code for App Two that reads and displays from the shared keychain:

    override func viewDidLoad() {
        super.viewDidLoad()

        // Load item from the shared keychain
        let keychain = Keychain(service: "app.test", accessGroup: "xxxxx.xxxxx.xxxxx.Keychain-Sharing")

        let data = try? keychain.get("sharedData")

        print("Data from Keychain: \(data ?? "nil")")

        label.text = "Data from Keychain: \(data ?? "nil")"
    }

This is a very basic example just to try the concept. However, what I am finding is that when I run it using Xcode's simulator on my Mac it behaves as expected: I run the first app and it succeeds, I then run the second app and the correct string is displayed.

When I then try to run it on a device (by plugging my device into my Mac and changing the run location), I receive the following error when trying to write to and read from the shared keychain:

    OSStatus error:[-34018] Internal error when a required entitlement isn't present, client has neither application-identifier nor keychain-access-groups entitlements.

I have checked my entitlements file and I can see that they are included in both applications:


And the entitlements file is referenced correctly in the build settings.

Also when I hover over my provisioning profile it tells me that they are included:


Is this what is allowing it to run successfully in the Xcode simulator? And what am I missing to get it to run on the handset? I think this is something to do with my certificates / profiles, but I am fairly new to this, so I am not certain exactly what I need, what I am missing, or what to check.

Can anyone help or point me in the right direction?


Solution

  • I had the same issue, and the solution was very easy. Check the accessGroup parameter in the Keychain initializer once again. For example, say you add the Keychain Group in Capabilities with the name "com.myCompany.app". That is not the full name of the accessGroup. To solve the issue, just prepend the "App ID prefix" to the keychain group name. You can find this prefix in your Apple Developer account, inside your App ID configuration. The full accessGroup name will be "XXXXXXXXXX.com.myCompany.app", where XXXXXXXXXX is your App ID prefix.
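
The check described in the answer can be automated as a build-time test. The following is an added example, not code from the question or the answer: it parses the XML entitlements of a signed build (for instance as dumped by `codesign -d --entitlements :-`) and reports whether the accessGroup string passed to the Keychain initializer is actually entitled or is only missing the App ID prefix. The prefix `ABCDE12345`, the bundle identifiers, and the function name `check_access_group` are assumptions made for illustration.

```python
import plistlib

# Constructed sample: entitlements as they appear in a signed build, where
# $(AppIdentifierPrefix) has already been expanded. ABCDE12345 is a placeholder.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>ABCDE12345.com.myCompany.appOne</string>
    <key>keychain-access-groups</key>
    <array>
        <string>ABCDE12345.com.myCompany.app</string>
    </array>
</dict>
</plist>
"""


def check_access_group(entitlements_xml: bytes, requested: str):
    """Return (status, entitled_group) for the accessGroup string an app passes."""
    ent = plistlib.loads(entitlements_xml)
    groups = list(ent.get("keychain-access-groups", []))
    app_id = ent.get("application-identifier")
    if not groups and app_id is None:
        # The condition named in the -34018 message quoted in the question.
        return ("no_entitlements", None)
    # The app's own application-identifier is also usable as an access group.
    allowed = groups + ([app_id] if app_id else [])
    if requested in allowed:
        return ("ok", requested)
    # Entitled groups carry "<App ID prefix>." in front of the name entered in
    # Capabilities; detect a request that left the prefix off.
    for group in allowed:
        _prefix, _, name = group.partition(".")
        if name == requested:
            return ("missing_prefix", group)
    return ("not_entitled", None)


if __name__ == "__main__":
    for candidate in ("com.myCompany.app", "ABCDE12345.com.myCompany.app"):
        print(candidate, "->", check_access_group(SAMPLE_ENTITLEMENTS, candidate))
```

A `missing_prefix` result returns the full group name that should be passed as accessGroup.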