Can keychain access during initialization be made optional?

Description

Many users have concerns about the usage of the keychain during SDK initialization:

This post (Keychain access required for proper initialization? - #2 by jon.lieblich) says it’s needed for “remember me” and persisting some settings to work, but also notes that may not be needed by all SDK users.

Could accessing the keychain be made optional during SDK initialization? It could be used by default, and/or it could be used only when the features requiring it are used. This could be a property of ZoomSDKInitParams, something like persistSettingsUsingKeychain.

Which macOS Meeting SDK version?

zoom-sdk-macos-5.9.3.4280

To Reproduce(If applicable)

Issue can be reproduced by calling [[ZoomSDK sharedSDK] initSDKWithParams:params].

Hi @dylan_v,

As far as I am aware, there are still technical constraints preventing us from being able to suppress these. It has been a while since we last discussed this internally though, so I can check in again and see if anything has changed. Once I have any updates I will be sure to share. :slightly_smiling_face:

Thanks!

Thanks @jon.lieblich. I can also say that for my use case things work even if the keychain access is denied. I think people mentioned that in other threads as well.

Hi @dylan_v,

Yes, you should be fine with denying the keychain permission. The only noticeable impact of that was related to a method that no longer exists in the SDK as of v5.9.0.

Thanks!

I’m mention that denying permission doesn’t break anything because it means that for some users the keychain access notification will be potentially alarming users for no reason.

Hi @dylan_v,

We completely understand that this is not the most desirable UX. We may be able to improve this in the future, but for the time being this cannot be hidden.

Thanks!

Aside from end users this was also a bit of a pain during development, because on each run of an SDK app from Xcode I would need to dismiss these dialogs.

The solution to that issue is code signing the app during development. You will need to configure signing for the app and code sign the .app files shipped with the Zoom SDK.

Here’s a bash function for doing so:

function signBinaries {
    if (($# == 0)); then
        echo "e.g. signBinaries UY7HGFFFFF *.app"
    fi

    local identity=$1

    shift

    for i; do
        echo "Sign:" $i "with" $identity
        xattr -cr $i
        codesign -f -s $identity $i
    done
}

Thanks for sharing!

Please don’t hesitate to reach back out in a new topic with any additional questions. :slightly_smiling_face: