iOS. authenticatedClientWithCompletion fails with error "Cannot add a new item in the keychain. Error code: -25243" about onedrive-sdk-ios HOT 7 CLOSED

Hi @DmitryRybakov,
Thanks for reporting this. Are you doing anything special with regard to overriding the keychain access group?

from onedrive-sdk-ios.

Hello.
I am not sure about overriding and why we would need it. The answer is highly possibly no. How it can be relevant?

Sent from my iPhone

On Apr 29, 2016, at 10:10 PM, Kevin Lam [email protected] wrote:

Hi @DmitryRybakov,
Thanks for reporting this. Are you doing anything special with regard to overriding the keychain access group?

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub

from onedrive-sdk-ios.

I just wanted to check first that you don't have any special logic in your app for keychain sharing between apps which may affect this. The particular error code you are seeing is "errSecNoAccessForItem", returned by the OS call "SecAddItem" when there is an issue with keychain access group configuration. I will investigate to see if I can reproduce the issue.

from onedrive-sdk-ios.

Hi Kevin,
Here is my sample project on which I have managed to replicate the issue 2) https://www.dropbox.com/s/u6o1rd79acslbrr/OneDriveTest.zip?dl=0
I am wondering if it can be somehow connected with the configuration.

from onedrive-sdk-ios.

Hello Kevin,
Have you had a chance to look through the sample I have provided?

from onedrive-sdk-ios.

Hi Dmitry,
Thanks for posting your sample - I was able to reproduce the issue as described.

The error being logged to the console indicates the access/refresh token is not being saved correctly to the keychain. This is not ideal, but in the very short term at least you should be able to use the ODClient object returned from authenticatedClientWithCompletion (it does not return any error even when this message is being printed).

For the underlying cause of the error, it looks like ADAL expects the developer to add "keychain sharing" under the Capabilities tab of the project settings as documented here: https://github.com/AzureAD/azure-activedirectory-library-for-objc - search for "keychain setup" on the page.

In ADAL 1.2.4 (the version of ADAL that this SDK currently depends on), the keychain group you need to add is the app's bundle identifier (e.g. "com.breezy2.onedrivetest"). In ADAL 1.2.6 instead you need "com.microsoft.adalcache".

I will be posting a PR shortly updating the ADAL dependency to "~> 1.2" (will resolve to 1.2.6) and updating the README to mention the keychain access group. In the meantime, if you add both the app bundle identifier and "com.microsoft.adalcache" as keychain groups, I believe it should resolve the issue in both cases.

-Kevin

from onedrive-sdk-ios.

Thanks!

from onedrive-sdk-ios.