iOS SFHFKeychainUtils failing *sometimes* with error -25308 errSecInteractionNotAllowed
OK so I worked this out finally.
Eventually I worked out the users who were having problems had set a lock code on their phone. If the phone was locked the keychain system was returning this -25308 error.
If you only ever need to access the keychain when the app is active in the forground you would never see this issue - but if you need to carry on processing when the phone is locked or if the app is in background then you would see it.
Elsewhere I'd read that the default access attribute for the kechain system is kSecAttrAccessibleAlways - but I think that is out of date. It seems the default access attribute for the keychain system is such that when the phone is locked with a pin code then the items are unavailable.
The fix for this is to change the SFHFKeychainUtils code to set a specific kSecAttrAccessible attribute on the keychain items it manages (which the original code did not do - presumably as it pre-dated these attributes).
This wordpress updated version of the SFHFKeychainUtils code has the fixes in it - search for kSecAttrAccessible to see where they have added the accessible attribute code.
Hope this helps anyone else running into this...
I was having this issue in iOS 14 with Widgets extensions that are accessing to the keychain to get the JWT token to call some rests.
Apparently, widgets tried by default to update also when the device is locked and the keychain item I was trying to use was not accessible.
After setting this attribute to the keychain element (swift 5 code), everything seems to be working:
keychainItem[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock