PersistentRef of keychain item on macOS catalyst

Question

Background

I'm trying to build an app that connects to VPN using native IKEv2 implementation. The app should be built for iOS but run on macOS as well by using Catalyst platform.

Situation

When connecting to VPN using native IKEv2 implementation in iOS/macOS - to use username and password authentication, app has to pass a persistent keychain reference to a keychain item containing the password. ( Reference )

Problem

On iOS it works perfectly, but when initiating VPN connection on Catalyst platform, VPN service cannot retrieve the password using given persistent reference. Console prints:

[] (null): Failed to copy content, SecKeychainItemCopyContent returned The contents of this item cannot be retrieved.

The keychain item is stored in the keychain, persistent reference is not nil , but for some reason, OS's VPN service couldn't retrieve the password.

If I try to retrieve the password using that same persistent reference - everything works as expected and the password is retrieved.

let query: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrPersistentReference as String: persistentRef,
    kSecReturnData as String: true
]
        
var item: CFTypeRef?
let status = SecItemCopyMatching(query as CFDictionary, &item)

---

Any information will be highly appreciated. Maybe some flags should be added when saving password to keychain? Maybe some flags should be added when retrieving the persistent reference from keychain specifically on Catalyst platform?

Answer 1

I asked this question directly through Apple's feedback support, the answer I was given is: