Description
Issue :
When running the electron app, I am not able to get the contacts permission dialog to be presented (neither when i run the script from the terminal, nor the compiled electron app), despite supplying the correct entitlement(s) in the plist file.
When running the electron app from the command line , the below code is evaluated and when i check the status, i am returned "Authorised" and as such i can successfully retrieve my macs Addressbook contacts. In this instance I understand why the pop-up is not displayed, as because I have run the electron app from Terminal, I am implicitly given access to contacts without needing to give consent explicitly.
However when I compile the Electron app, and run, the permission status is immediately returned as being "Denied", this happens for both the .app and .dmg versions.
Things i have tried :
- Clearing the permission state every time i make a new build with >
sudo tccutil reset All com.wowfresh.freshmeup-desktop - Performed step 1 and restarted my mac before attempting to launch the .dmg and .apps
I am running
electron version : v1.4.13
npm version : v6.14.15
node version : v14.18.1
OS version : Monterey 12.3.1
packager : electron-builder version : 23.0.3
My code and config
My entitlements plist file. Note : i have the same for inherited entitlements.
Also, if you're thinking , why has he included com.apple.security.personal-information.addressbook in the entitlements file, i have documented my rational in point 3 at the end :).
entitlements.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.personal-information.addressbook</key>
<true/>
<key>com.apple.private.tcc.manager.check-by-audit-token</key>
<true/>
<key>com.apple.security.automation.apple-events</key>
<true/>
<key>NSContactsUsageDescription</key>
<string>Your reason for wanting to access the Contact store</string>
<key>com.apple.security.inherit</key>
<true/>
</dict>
</plist>
Relevant pieces of package.json
"appId": "com.wowfresh.freshmeup-desktop",
"mac": {
"gatekeeperAssess": false,
"icon": "./public/icons/mac/icon.icns",
"category": "public.app-category.utilities",
"type": "distribution",
"hardenedRuntime": true,
"provisioningProfile": "../mac_signing_certificates/freshmeup-desktop.provisionprofile",
"identity": "Apple Distribution: freshmeup Limited (HSGFYWI9929)",
"asarUnpack": "**/*.node",
"extendInfo": {
"NSContactsUsageDescription": "Your reason for wanting to access the Contact store"
}
},
"mas":{
"entitlements": "./build/electron/entitlements.mac.plist",
"entitlementsInherit": "./build/electron/entitlements.mac.plist"
},
Getting contacts code
const macContacts = require('node-mac-contacts');
macContacts.requestAccess().then(function(result) {
const authStatus = macContacts.getAuthStatus();
console.log(`Authorization access to contacts is: ${authStatus}`);
if(authStatus == "Authorized"){
const allContacts = macContacts.getAllContacts();
console.log(allContacts);
}
});
My observations :
-
When i launch the app (and receive the
Deniedstatus immediately) i notice that system preferences is not launched (as the documents suggest it should be) and further more ... -
Having navigated to system preferences i do not see my app in the section as shown below.
-
Unrelated to points 1 and 2 , when i pull up the console logs for the compiled electron app, i see ERROR messages like the following in the list (in order of when i see them) coming from the tccd process , Note : TCC (Transparency, Consent, and Control) is a mechanism in macOS to limit and control application access to certain features
service: kTCCServiceAddressBook requires entitlement com.apple.security.personal-information.addressbook but it is missing for requesting
and
service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing
and
attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement
These relate to what i am assuming are underlying permissions for accessing contacts, the odd thing is that despite adding them to the entitlements file, the errors persist.
At this point i would have thought , ok i have a signing problem, however when i test adding the camera and microphone permissions to the entitlements file, then requesting access to them in my code using the electron request method https://www.electronjs.org/docs/latest/api/system-preferences#systempreferencesaskformediaaccessmediatype-macos , i get the "Application Name wants access to your camera and microphone" dialog as expected.
Thank you so much for any help / guidance / alternative things i could try.