node-mac-contacts

Permission dialog for contacts access not shown

Open ElliotCambo opened this issue 2 years ago • 5 comments

Issue: When running the Electron app, I am not able to get the contacts permission dialog to be presented (neither when I run the script from the terminal, nor the compiled Electron app), despite supplying the correct entitlement(s) in the plist file.

When running the Electron app from the command line, the below code is evaluated and when I check the status, I am returned "Authorised" and as such I can successfully retrieve my Mac's Addressbook contacts. In this instance I understand why the pop-up is not displayed, as, because I have run the Electron app from Terminal, I am implicitly given access to contacts without needing to give consent explicitly.

However, when I compile the Electron app and run it, the permission status is immediately returned as being "Denied"; this happens for both the .app and .dmg versions.

Things I have tried:

  1. Clearing the permission state every time I make a new build with: sudo tccutil reset All com.wowfresh.freshmeup-desktop
  2. Performed step 1 and restarted my Mac before attempting to launch the .dmg and .app

I am running:

  electron version : v1.4.13
  npm version : v6.14.15
  node version : v14.18.1
  OS version : Monterey 12.3.1
  packager : electron-builder
  version : 23.0.3

My code and config

My entitlements plist file. Note: I have the same for inherited entitlements. Also, if you're thinking, why has he included com.apple.security.personal-information.addressbook in the entitlements file, I have documented my rationale in point 3 at the end :).

entitlements.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.personal-information.addressbook</key>
        <true/>
        <key>com.apple.private.tcc.manager.check-by-audit-token</key>
        <true/>
        <key>com.apple.security.automation.apple-events</key>
        <true/>
        <key>NSContactsUsageDescription</key>
        <string>Your reason for wanting to access the Contact store</string>
        <key>com.apple.security.inherit</key>
        <true/>
    </dict>
</plist>

Relevant pieces of package.json

"appId": "com.wowfresh.freshmeup-desktop",
"mac": {
    "gatekeeperAssess": false,
    "icon": "./public/icons/mac/icon.icns",
    "category": "public.app-category.utilities",
    "type": "distribution",
    "hardenedRuntime": true,
    "provisioningProfile": "../mac_signing_certificates/freshmeup-desktop.provisionprofile",
    "identity": "Apple Distribution: freshmeup Limited (HSGFYWI9929)",
    "asarUnpack": "**/*.node",
    "extendInfo": {
        "NSContactsUsageDescription": "Your reason for wanting to access the Contact store"
    }
},
"mas": {
    "entitlements": "./build/electron/entitlements.mac.plist",
    "entitlementsInherit": "./build/electron/entitlements.mac.plist"
},

Getting contacts code

const macContacts = require('node-mac-contacts');

macContacts.requestAccess().then(function(result) {
  const authStatus = macContacts.getAuthStatus();

  console.log(`Authorization access to contacts is: ${authStatus}`);

  if (authStatus == "Authorized") {
    const allContacts = macContacts.getAllContacts();
    console.log(allContacts);
  }
});

My observations:

  1. When I launch the app (and receive the Denied status immediately) I notice that System Preferences is not launched (as the documents suggest it should be) and furthermore ...

  2. Having navigated to System Preferences I do not see my app in the section as shown below. [Screenshot 2022-04-04 at 14 06 15]

  3. Unrelated to points 1 and 2, when I pull up the console logs for the compiled Electron app, I see ERROR messages like the following in the list (in order of when I see them) coming from the tccd process. Note: TCC (Transparency, Consent, and Control) is a mechanism in macOS to limit and control application access to certain features.

service: kTCCServiceAddressBook requires entitlement com.apple.security.personal-information.addressbook but it is missing for requesting
and
service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing
and
attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement

These relate to what I am assuming are underlying permissions for accessing contacts; the odd thing is that despite adding them to the entitlements file, the errors persist.

At this point I would have thought, OK, I have a signing problem; however, when I test adding the camera and microphone permissions to the entitlements file, then requesting access to them in my code using the Electron request method https://www.electronjs.org/docs/latest/api/system-preferences#systempreferencesaskformediaaccessmediatype-macos , I get the "Application Name wants access to your camera and microphone" dialog as expected.

Thank you so much for any help / guidance / alternative things I could try.

ElliotCambo, Apr 04 '22 13:04

You can print the entitlements of a packaged app with:
codesign -d --entitlements :- /Applications/AppName.app | plutil -p -

Does it show up there?

KishanBagaria, Apr 04 '22 15:04

Thank you so much for getting back to me, I have been badly jammed so nice to try something new en route to a resolution. Interesting, having run it, it does not contain the NSContactsUsageDescription key.

All I get is:

{
  "com.apple.security.cs.allow-jit" => 1
  "com.apple.security.cs.allow-unsigned-executable-memory" => 1
  "com.apple.security.cs.disable-library-validation" => 1
}

So it looks to not be an issue with my use of the module, rather, in my case electron-builder, which is doing the packaging ... perhaps ...

Following the docs for Mac App Store (MAS) build generation (https://www.electron.build/configuration/mas), I am confident I am pointing to the entitlements file correctly in my package.json.

For completeness I was also looking into electron-builder's default plist file (the one used in case none is specified), https://github.com/electron/osx-sign/blob/main/entitlements/default.mas.plist , and none of the keys match any I am using (specifying in "my" plist file).

This leaves me feeling confident that "my" plist file is getting used, however, very oddly, it is missing

<key>NSContactsUsageDescription</key>
<string>Your reason for wanting to access the Contact store</string>

Not sure if, @KishanBagaria, in your experience another packager is preferred by the Electron community? I am an Electron newbie.

ElliotCambo, Apr 04 '22 16:04

We use electron-builder too. NSContactsUsageDescription isn't an entitlement, it'll be present in Info.plist. com.apple.security.personal-information.addressbook should be present in the codesign command I mentioned earlier.

Try setting "entitlements": "./build/electron/entitlements.mac.plist" for mac as well as mas. Could try moving the file too.

KishanBagaria, Apr 04 '22 16:04

@KishanBagaria thank you so much for your suggestion.

So, quick update: I have amended the package.json as per your suggestions, and removed the NSContactsUsageDescription key from the entitlements file. Now running:
codesign -d --entitlements :- /Applications/AppName.app | plutil -p -

gives me something that looks much more healthy

{
  "com.apple.application-identifier" => "UDHEBFGSET.com.wowfresh.freshmeup-desktop"
  "com.apple.developer.team-identifier" => "UDHEBFGSET"
  "com.apple.private.tcc.manager.check-by-audit-token" => 1
  "com.apple.security.app-sandbox" => 1
  "com.apple.security.application-groups" => [
    0 => "UDHEBFGSET.com.wowfresh.freshmeup-desktop"
  ]
  "com.apple.security.automation.apple-events" => 1
  "com.apple.security.inherit" => 1
  "com.apple.security.personal-information.addressbook" => 1
}

However, the app cannot be launched; I get a pop-up (both for the dmg and app versions) saying "The application “WowFresh” can’t be opened.".

Looking in the console I see a new error:

embedded provisioning profile not valid . Error Domain=CPProfileManager Code=-215 "Only Development Provisioning Profiles can be installed in System Preferences. Production Provisioning Profiles are imported within Xcode."

So I think I now just need to use a non-production provisioning profile and I might be in the clear. I will report back when I've tried that. Thank you again.

ElliotCambo, Apr 04 '22 17:04
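
The check worked through in the replies above, as an added example that is not part of the thread or of node-mac-contacts: it parses the text that plutil -p prints and reports whether the signed entitlements carry com.apple.security.personal-information.addressbook and whether NSContactsUsageDescription sits in Info.plist rather than in the entitlements. The function names are hypothetical, the two entitlement dumps are abridged from the outputs quoted in the thread, and the Info.plist dump is constructed.

```javascript
// Added example: function names are hypothetical; sample dumps are abridged or constructed.
const ADDRESSBOOK = 'com.apple.security.personal-information.addressbook';
const USAGE_KEY = 'NSContactsUsageDescription';

// Parse the top-level keys of a `plutil -p` dictionary dump:  "key" => value
function parsePlutilKeys(text) {
  const keys = new Map();
  let depth = 0;
  for (const line of text.split('\n')) {
    const t = line.trim();
    const m = /^"([^"]+)" => (.*)$/.exec(t);
    if (m && depth === 1) keys.set(m[1], m[2]);   // ignore nested dict/array members
    if (/[{\[]$/.test(t)) depth++;                // a dict or array opens on this line
    else if (/^[}\]]$/.test(t)) depth--;          // a dict or array closes
  }
  return keys;
}
const enabled = (keys, k) => ['1', 'true'].includes(keys.get(k));

// Returns a list of findings; empty means both items named in the thread are in place.
function auditContactsAccess(entitlementsDump, infoPlistDump) {
  const ent = parsePlutilKeys(entitlementsDump);
  const info = parsePlutilKeys(infoPlistDump);
  const findings = [];
  if (!enabled(ent, ADDRESSBOOK)) findings.push(`signature lacks ${ADDRESSBOOK}`);
  if (ent.has(USAGE_KEY)) findings.push(`${USAGE_KEY} is in the entitlements; it belongs in Info.plist`);
  const usage = info.get(USAGE_KEY);
  if (!usage || usage === '""') findings.push(`Info.plist lacks a non-empty ${USAGE_KEY}`);
  return findings;
}

// Abridged from the first codesign dump quoted in the thread (custom entitlements not applied).
const BEFORE = `{
  "com.apple.security.cs.allow-jit" => 1
  "com.apple.security.cs.disable-library-validation" => 1
}`;
// Abridged from the second codesign dump quoted in the thread.
const AFTER = `{
  "com.apple.security.app-sandbox" => 1
  "com.apple.security.application-groups" => [
    0 => "UDHEBFGSET.com.wowfresh.freshmeup-desktop"
  ]
  "com.apple.security.personal-information.addressbook" => 1
}`;
// Constructed Info.plist dump, in the same `plutil -p` text form.
const INFO = `{
  "NSContactsUsageDescription" => "Your reason for wanting to access the Contact store"
}`;
console.log(auditContactsAccess(BEFORE, INFO), auditContactsAccess(AFTER, INFO));
```

On a Mac, the two arguments would be the captured output of the codesign command quoted in the thread and of plutil -p run on the bundle's Contents/Info.plist.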

I'm having this issue, but just when running from terminal. Any ideas? @KishanBagaria @ElliotCambo ?

sumersao, Dec 13 '23 18:12