MacOS implementation uses legacy password storage

[GrosQuildu]

Keyring uses methods like SecKeychainAddGenericPassword and SecKeychainFindGenericPassword in the MacOS implementation. These are part of the "Legacy Password Storage" according to the Apple documentation. A newer API would use SecItemAdd, SecItemCopyMatching etc.

One problem I have with the Legacy API is that I can't use TouchID for authentication and must type a password every time I call keyring.get_password. Moving to the newer API should solve that problem.

I am not sure if the newer methods can be used via a CDLL.

Would it make sense to migrate to newer methods, or using the Legacy Storage is a hard requirement for the keyring?

[jaraco]

I'd be delighted to move to the newer, preferred APIs. There are several other macOS issues that would be helped by having access to this more sophisticated API.

I too am unsure if or how one could bind to that API. I would prefer to have a pure Python implementation if possible (through ctypes or cffi), but I wouldn't exclude the possibility of using something like PyObjC.

I'd be delighted to help someone think through the challenge and brainstorm on ways to upgrade this interface, but I'll be unlikely to take it on myself anytime soon.

[YKdvd]

This got updated with 23.1.0 - #519 was mentioned in the change log, but it was #522 that did it. This can be closed?