Hey guys. We're attempting to submit an update for our app and TestFlight scan of our IPA returns a rejection with the message: ERROR ITMS-90164 Invalid Code Signing Entitlements. The entitlements in your app bundle signature do not match the ones that are contained in the provisioning profile. According to the provisioning profile, the bundle contains a key value that is not allowed: ["OurTeamID", "com.apple.token"] for the key 'keychain-access-groups' in 'Payload/ourApp.app/ourApp' This is only happening now with the introduction of 'com.apple.token' since we're introducing biometrics support to our App. Our previous release had no issues. Our app's entitlements are: <plist version="1.0"> <dict> <key>application-identifier</key> 	<string>OurTeamID.our.bundle.id</string> <key>com.apple.developer.default-data-protection</key> <string>NSFileProtectionComplete</string> <key>com.apple.developer.team-identifier</key> <string>OurTeamID</string> <key>get-task-allow</key> <true/> <key>keychain-access-groups</key> <array> <string>OurTeamID.*</string> <string>com.apple.token</string> </array> </dict> </plist> and our provisioning profile entitlements are: <key>Entitlements</key> <dict> 		<key>com.apple.developer.default-data-protection</key> 		<string>NSFileProtectionComplete</string> 		<key>application-identifier</key> <string>ourTeamID.our.bundle.id</string> <key>keychain-access-groups</key> <array> <string>OurTeamID.*</string> <string>com.apple.token</string> </array> <key>get-task-allow</key> <true/> <key>com.apple.developer.team-identifier</key> <string>OurTeamID</string> </dict> So everything looks correct to me. Does anyone have any idea why the scan would think the entitlements don't match when they do? Thanks in advance.