SFAuthorizationPluginView password field does not accept keyboard input until click on macOS Tahoe 26.4.1
We are using an SFAuthorizationPluginView-based authentication plug-in for screen unlock, and we are seeing focus/activation behavior on macOS Tahoe 26.4.1 that appears different from earlier macOS releases.

In our lock-screen plug-in UI, the view is displayed correctly, but keyboard input does not go to our password field until the user physically clicks inside the plug-in view.

We have already tried the documented focus-related hooks and standard AppKit approaches, including:

- Overriding firstResponder
- Overriding firstKeyView / lastKeyView
- Calling becomeFirstResponder
- Calling makeFirstResponder on the host window during activation
- Setting up the key view loop between controls

Despite this, on Tahoe 26.4.1 the password field still does not accept typing until the first mouse click inside the plug-in view.

Could you clarify the following:

- On macOS Tahoe 26.4.1, are there any known changes in SecurityAgent / SFAuthorizationPluginView behavior that affect firstResponder, firstKeyView, or keyboard activation during screen unlock?
- Is a physical click now required before keyboard input is delivered to an SFAuthorizationPluginView in this context? If not, what is the recommended supported way to ensure the password field becomes keyboard-active immediately when the plug-in view is shown?
- Are becomeFirstResponder / makeFirstResponder expected to work in this host context, or are only the SFAuthorizationPluginView hooks (firstResponder, firstKeyView, lastKeyView) supported?
- Is there any recommended host-window or activation API for this scenario, or is this considered a regression in Tahoe?
Replies
1
Boosts
0
Views
62
Activity
6d
launch ASWebAuthenticationSession from single sign on extension
I need to launch ASWebAuthenticationSession from a single sign-on extension, but it's not launching; it might be an issue with the anchoring window. I have created a custom window and am passing it in the presentationAnchor(for:) function. The custom window is launching, but the ASWebAuthenticationSession browser is not launching.

Note - the flow is like this:

- Apple PSSO register window launched
- OIDC login will happen via ASWebAuthenticationSession to get the access token, which will be used in device registration
- but ASWebAuthenticationSession is not launching; I am using a custom scheme as the redirect URI
- isKeyWindow for the custom window is always false

What is the right approach to achieve the goal?
Replies
1
Boosts
0
Views
146
Activity
Apr ’26
Push button behaviour changed on Tahoe OS
I am using a Button in my app; it is a push button and the style is Momentary Push In and bordered. I added an image icon on it, and the button shows the image with a white background, like below. But in Tahoe OS, it shows without the white background (almost like borderless). Do I need to change the button style?
Replies
2
Boosts
0
Views
310
Activity
Oct ’25
Customization in Swift ArgumentParser's help command and error output
Hello,

I want to implement customisation to Swift ArgumentParser. Here are the changes I want to make in my CLI:

1. Changing the default footer present in the help command output. Currently the help command output comes like this:

    OVERVIEW: clisample
    USAGE: clisample <subcommand>
    OPTIONS:
      --version show the version.
      -h, --help show the help.
    SUBCOMMANDS:
      logs (default) Export logs for clisample processes.
    See 'clisample --help' for more information.'

   So instead of See 'clisample --help' for more information.' I want my own string: For more details, run 'clisample help <subcommand>'

2. Customise the error string coming from a validation error:

    Error: Missing value for '-t <time>'
    Help: -t <time> Time window (e.g. 10h, 30m, 2d).
    Usage: clisample logs --time <time>
    See 'clisample logs --help' for more information.

   So I want error output with an example and a customised footer, like this:

    Error: Missing value for '-t <time>'
    Help: -t <time> Time window (e.g. 10h, 30m, 2d).
    Usage: clisample logs --time <time>
    Example: clisample logs -t 5m
    For more details, run 'clisample help <subcommand>'

Are these changes possible in any way?
Replies
1
Boosts
0
Views
949
Activity
Sep ’25
Add framework to plugin(Bundle)
I have developed a framework and want to use it in an auth plug-in, which is added to the same project as a different target. The plug-in target works fine without the framework; once I add the framework, the auth plug-in stops working. I am using the auth plug-in to make changes in the screen-saver plist.
Replies
1
Boosts
0
Views
462
Activity
Feb ’25
Use of Auth-plugin and certificate-based persistent token for User login
I'm currently exploring Apple's Auth-Plugin extension and have modified the authdb to log in to a Mac device without using the default login password. Specifically, I am replacing builtin:authenticate,privileged with a custom privileged mechanism that authenticates the user and grants desktop access based on our custom logic. However, this approach does not unlock the user's Keychain. Since I'm bypassing the login password, the Keychain remains locked. I'm considering whether a certificate-based persistent token could be used to unlock the Keychain. Is this approach recommended, or is there a more suitable solution, such as using CryptoTokenKit or another available API?
Replies
1
Boosts
0
Views
831
Activity
Sep ’24
Communication between Mac and android app over different network
Hi,

I'm working on a sample app to enable two-way data transfer between Mac, iOS, and Android devices. The devices will be in close proximity to each other. To implement this, I used Google's Nearby API, which supports cross-platform communication. The approach has worked well for Mac and iOS devices, even across different networks. However, while Mac and Android devices communicate successfully when on the same network, they fail to discover each other when on different networks.

- Mac ↔ iOS: Works fine in all scenarios.
- Mac ↔ Android: Works only when both devices are on the same network, but fails to discover each other on different networks.

Is there any alternative approach to achieve reliable cross-platform communication, or any technical documentation that could help with this?

Thanks in advance!
Replies
1
Boosts
1
Views
521
Activity
Sep ’24
Track system event(shutdown/restart) via launchagent
Hi There,

I have to achieve the following scenario: track system events on macOS for shutdown and restart, and update one plist with the same event via a launchAgent.

I have tried the following code in the launchAgent:

    import AppKit
    import os.log

    // log, updatePlistFile(event:) and createAndWriteFile(fileName:content:)
    // are defined elsewhere in the agent and are not shown in the post.
    class MyAgent {
        init() {
            let notificationCenter = NSWorkspace.shared.notificationCenter
            // Register for system shutdown notification
            notificationCenter.addObserver(self,
                                           selector: #selector(handleNotification(_:)),
                                           name: NSWorkspace.willPowerOffNotification,
                                           object: nil)
            // Keep the agent alive so the notification can be delivered
            RunLoop.current.run()
        }

        @objc func handleNotification(_ notification: Notification) {
            var logMessage = ""
            switch notification.name {
            case NSWorkspace.willPowerOffNotification:
                os_log("System is going to shut down at", log: log, type: .default)
                updatePlistFile(event: "shut down")
                let fileName = "example.txt"
                let content = "shut down"
                createAndWriteFile(fileName: fileName, content: content)
                logMessage = "System is going to shut down at \(Date())\n"
            default:
                // Notification.Name is not an enum, so the switch needs a default case
                break
            }
        }
    }

I loaded the agent and tried to restart the device, but I can't see it reaching handleNotification. The same code works fine from a sample application but not from the launchAgent.

Is there any restriction for NSWorkspace? If so, how can I track shutdown/restart events from a launchAgent or LaunchDaemon?

Any help will be appreciated.
Replies
3
Boosts
0
Views
1k
Activity
Sep ’24
smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Hi Team,

I have developed a smartcard driver which is working fine when inserting a USB mouse. Here is the process I followed for the smartcard driver:

- The smartcard driver (IFDHandler) has an Info.plist which contains vendor ID and product ID attributes.
- I mentioned the vendor ID and product ID of the USB mouse that is going to be connected to the device (Mac) in the Info.plist.
- Build the IFD driver and replace it at the path /usr/local/libexec/SmartCardServices/drivers/
- Once the USB mouse is inserted, I get a smart card pairing notification on the Mac.

This scenario is working fine and I am able to achieve the following changes on the Mac device:

- Getting a smart card notification for pairing on the Mac device
- After pairing, the password field on the login screen changes to a PIN field

But I want the smartcard driver (IFDHandler) to be triggered via a Bluetooth connection from an iPhone or Android device instead of via USB. Is there any way to achieve this?

Reference for USB smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Replies
3
Boosts
0
Views
964
Activity
May ’24
Unable to use custom PAM with /etc/pam.d/authorization
I created a custom PAM module following this, and it works fine with /etc/pam.d/sudo but doesn't work with /etc/pam.d/authorization and /etc/pam.d/login.

sudo

    # sudo: auth account password session
    auth       include        sudo_local
    auth       sufficient     /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
    auth       sufficient     pam_smartcard.so
    auth       required       pam_opendirectory.so
    account    required       pam_permit.so
    password   required       pam_deny.so
    session    required       pam_permit.so

authorization

    # authorization: auth account
    auth       sufficient     /usr/local/Cellar/cpam/1.0.0/lib/security/cpam.so
    auth       optional       pam_krb5.so use_first_pass use_kcminit no_auth_ccache
    auth       optional       pam_ntlm.so use_first_pass
    auth       sufficient     pam_smartcard.so use_first_pass
    account    required       pam_opendirectory.so

Is it even allowed to add a custom PAM to /etc/pam.d/login or /etc/pam.d/authorization?

Is it possible to create a mechanism with custom logic and replace it with builtin:authenticate,privileged in the system.login.console authorization right?

Note: I have also tried moving the .so file to /usr/lib/pam, but it failed even after disabling SIP.
Replies
0
Boosts
0
Views
662
Activity
May ’24
smartcard driver(IFDHandler) to be trigger via bluetooth connection from iPhone or android instead via USB
Hi Team,

I have developed a smartcard driver which is working fine when inserting a USB mouse. Here is the process I followed for the smartcard driver:

- The smartcard driver (IFDHandler) has an Info.plist which contains vendor ID and product ID attributes.
- I mentioned the vendor ID and product ID of the USB mouse that is going to be connected to the device (Mac) in the Info.plist.
- Build the IFD driver and replace it at the path /usr/local/libexec/SmartCardServices/drivers/
- Once the USB mouse is inserted, I get a smart card pairing notification on the Mac.

This scenario is working fine and I am able to achieve the following changes on the Mac device:

- Getting a smart card notification for pairing on the Mac device
- After pairing, the password field on the login screen changes to a PIN field

But I want the smartcard driver (IFDHandler) to be triggered via a Bluetooth connection from an iPhone or Android device instead of via USB. Is there any way to achieve this?

Reference for USB smart card driver - https://github.com/frankmorgner/vsmartcard/blob/master/virtualsmartcard/src/ifd-vpcd/ifd-vpcd.c
Replies
1
Boosts
0
Views
894
Activity
May ’24
Bluetooth connection via authPlugin
Hi Team, 

I am developing a sample authPlugin which should connect to a mobile app via a Bluetooth connection.
Here is the scenario:

 The authPlugin with Bluetooth connection should work on lock screen + login.

I have created the mechanisms prepared:privileged, main, clean:privileged. I am calling the corebluetoothmanager initiation at the time of the prepared:privileged mechanism. I have to add my auth plugin's mechanism before the loginwindow:success mechanism.

 But I always get unauthorized = 3 from the power state of Bluetooth.

 Note: With an app, the Bluetooth connection is working fine; it is giving the error with the authPlugin. How do I achieve my ultimate goal? Is this the right way?
Replies
2
Boosts
0
Views
902
Activity
Feb ’24