Keychain manager keeps challenging in HttpSocket request

Hi folks,

I’m having an issue with a REST application. The application itself works fine; I can connect to the server and retrieve the data. But every time I hit the server I get a pop-up on my Mac: “The authenticity of “VocabularyManager.debug” cannot be verified. To allow this, enter the “login” keychain password.”

I enter the password, and I get the correct response data. If I use the Deny or Allow button, I get the challenge again as soon as I hit the server. If I use the Always Allow button, I don’t get a challenge in the current run of the application, but I do see it next time I run it. The built (Mac) application shows the same behaviour.

See screenshot. I have done some fairly inept googling but cannot work out why the challenge keeps coming up. Can anyone suggest what I should do to prevent this from coming up?

Is this only happening with your app? Can you post your code how you access the keychain data?

I’m using a Wacom tablett and Wacom is seriously special on the Mac side. I get a dialog like this EVERY time I access the keychain.

Maybe it’s an Apple bug.
When I use any of my ftp programs, I always have to enter the password for every server connection, although I have pressed the “Allways Allow” many, many, many times.

Perhaps I’m not understanding the issue, but I fail to appreciate how the server asking for credentials is considered a bug. IMHO, the server NOT requesting authentication would be the bug.

[quote=377203:@Beatrix Willius]Is this only happening with your app? Can you post your code how you access the keychain data?

I’m not trying to access the keychain. I am using the REST api of a remote web application server, so my application is acting as a REST client. I have to do basic authentication to get to the server. I have the username and password which I send off to the server. Once authenticated (I see a 200 status code) I can run api commands. This all works successfully, but I see this irritating additional message. When I run the same api command with Paw (again, simply supplying basic authentication credentials) I don’t get any challenge; only with Xojo (this application and the example RESTdemo application). So I don’t know why anything is being referred to Keychain manager.

I don’t think I’m suggesting that the server asking for credentials is a bug; it’s keychain manager stepping in and asking for my login password that seems to be the bug.

I’m supplying the credentials when the server asks for them. I know I’m authenticating successfully, because regardless of what response I give to the keychain request dialog (Allow, Deny, Always Allow) I can then successfully send api commands and get meaningful results back. The only difference in behaviour I see is that clicking Always Allow lets me send further queries without challenge, whereas either Allow or Deny result in my getting another challenge every time I send a query.

Very baffling.

I had a thought. Is it possible that the Apple Security settings are causing this, if I am not an “approved” developer?

If your application isn’t signed, you’ll get the confirmation message every access to the keychain, even if you click “always allow”.