Keychain Implementation Issues

[ChristopherCarranza]

Pegil,

I left this as a comment on another thread that was closed, but feel this is important enough to be a whole new issue.

I'm running into a slight issue with your implementation of your keychain items. In native iOS when using the keychain, it essentially has 3 different properties that you use.

Keychain identifier, Account, ValueData

With these three values i can have a username and password field in my iOS app always identified with the unique identifier. The account would equal the username and valuedata would be the password. I the programmer can choose the Keychain identifier in code, which means i have one keychain item to manage. And if i need to reset that keychain item, i can get to it with the identifier that i have established.

The way you have implemented it essentially lets the user create a new keychain item each time because you are using their account as the keychain identifier.

So if a user types in a username of "Chris" then hits save, it will save it as a new keychain item of "Chris". If they go back and modify it to "chris" or "dave" it technically isn't modifying the one keychain item, it is creating a whole new one. So you are allowing the user to create lord knows how many keychain items on their phone.

Hopefully this makes sense, but essentially you are missing a vital piece of the keychain implementation and as it stands this is quite flawed. Is it possible for any changes to happen here.

[pegli]

I've modified the module so the keychain item identifier is no longer the account name; it is now a separate, read-only field. The new unit tests under modules/ios/example verify that the value of the account property can be changed in a particular keychain item.