Permission dialog for contacts access not shown

[ElliotCambo]

Issue :
When running the electron app, I am not able to get the contacts permission dialog to be presented (neither when i run the script from the terminal, nor the compiled electron app), despite supplying the correct entitlement(s) in the plist file.

When running the electron app from the command line , the below code is evaluated and when i check the status, i am returned "Authorised" and as such i can successfully retrieve my macs Addressbook contacts. In this instance I understand why the pop-up is not displayed, as because I have run the electron app from Terminal, I am implicitly given access to contacts without needing to give consent explicitly.

However when I compile the Electron app, and run, the permission status is immediately returned as being "Denied", this happens for both the .app and .dmg versions.

Things i have tried :

1. Clearing the permission state every time i make a new build with > sudo tccutil reset All com.wowfresh.freshmeup-desktop
2. Performed step 1 and restarted my mac before attempting to launch the .dmg and .apps

I am running
electron version : v1.4.13
npm version : v6.14.15
node version : v14.18.1
OS version : Monterey 12.3.1
packager : electron-builder version : 23.0.3

My code and config
My entitlements plist file. Note : i have the same for inherited entitlements.
Also, if you're thinking , why has he included com.apple.security.personal-information.addressbook in the entitlements file, i have documented my rational in point 3 at the end :).

entitlements.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.personal-information.addressbook</key>
        <true/>
        <key>com.apple.private.tcc.manager.check-by-audit-token</key>
        <true/>
        <key>com.apple.security.automation.apple-events</key>
        <true/>
        <key>NSContactsUsageDescription</key>
        <string>Your reason for wanting to access the Contact store</string>
        <key>com.apple.security.inherit</key>
        <true/>
    </dict>
</plist>

Relevant pieces of package.json

                "appId": "com.wowfresh.freshmeup-desktop",
		"mac": {
			"gatekeeperAssess": false,
			"icon": "./public/icons/mac/icon.icns",
			"category": "public.app-category.utilities",
			"type": "distribution",
			"hardenedRuntime": true,
			"provisioningProfile": "../mac_signing_certificates/freshmeup-desktop.provisionprofile",
			"identity": "Apple Distribution: freshmeup Limited (HSGFYWI9929)",
			"asarUnpack": "**/*.node",
			"extendInfo": {
		                    "NSContactsUsageDescription": "Your reason for wanting to access the Contact store"
		         }
			
		},
		"mas":{
			"entitlements": "./build/electron/entitlements.mac.plist",
			"entitlementsInherit": "./build/electron/entitlements.mac.plist"
		},

Getting contacts code

                                 const macContacts = require('node-mac-contacts');

				macContacts.requestAccess().then(function(result) {
			  	  
				  	const authStatus = macContacts.getAuthStatus();
					
					console.log(`Authorization access to contacts is: ${authStatus}`);

					if(authStatus == "Authorized"){
						const allContacts = macContacts.getAllContacts();
						console.log(allContacts);
					}
				
                                 });

My observations :

1. When i launch the app (and receive the Denied status immediately) i notice that system preferences is not launched (as the documents suggest it should be) and further more ...

2. Having navigated to system preferences i do not see my app in the section as shown below.
   

3. Unrelated to points 1 and 2 , when i pull up the console logs for the compiled electron app, i see ERROR messages like the following in the list (in order of when i see them) coming from the tccd process , Note : TCC (Transparency, Consent, and Control) is a mechanism in macOS to limit and control application access to certain features

service: kTCCServiceAddressBook requires entitlement com.apple.security.personal-information.addressbook but it is missing for requesting
and
service: kTCCServiceAppleEvents requires entitlement com.apple.security.automation.apple-events but it is missing for accessing
and
attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement

These relate to what i am assuming are underlying permissions for accessing contacts, the odd thing is that despite adding them to the entitlements file, the errors persist.

At this point i would have thought , ok i have a signing problem, however when i test adding the camera and microphone permissions to the entitlements file, then requesting access to them in my code using the electron request method https://www.electronjs.org/docs/latest/api/system-preferences#systempreferencesaskformediaaccessmediatype-macos , i get the "Application Name wants access to your camera and microphone" dialog as expected.

Thank you so much for any help / guidance / alternative things i could try.

[KishanBagaria]

You can print the entitlements of a packaged app with codesign -d --entitlements :- /Applications/AppName.app | plutil -p -, does it show up there?

[ElliotCambo]

Thank you so much for getting back to me, i have been badly jammed so nice to try something new on route to a resolution.
Interesting, having run it does not contain the NSContactsUsageDescription key.

All i get is :

{
  "com.apple.security.cs.allow-jit" => 1
  "com.apple.security.cs.allow-unsigned-executable-memory" => 1
  "com.apple.security.cs.disable-library-validation" => 1
}

So it looks to not be an issue with my use of the module, rather, in my case electron-builder, which is doing the packaging ...perhaps ....

Following the docs for Mac App Store (MAS) build generation > https://www.electron.build/configuration/mas < i am confident i am pointing to the entitlements file correctly in my package.json.

For completeness i was also looking into electron-builder's default plist file (the one used in case none is specified) > https://github.com/electron/osx-sign/blob/main/entitlements/default.mas.plist < and none of the keys match any i am using (specifying in "my" plist file).

This leaves me feeling confident that "my" plist file is getting used, however , very oddly, it is missing

<key>NSContactsUsageDescription</key>
       <string>Your reason for wanting to access the Contact store</string>

Not sure if @KishanBagaria , in your experience another packager is preferred by the electron community? I am an electron newbee.

[KishanBagaria]

We use electron-builder too. NSContactsUsageDescription isn't an entitlement, it'll be present in Info.plist. com.apple.security.personal-information.addressbook should be present in the codesign command I mentioned earlier.

Try setting "entitlements": "./build/electron/entitlements.mac.plist" for mac as well as mas. Could try moving the file too.

[ElliotCambo]

@KishanBagaria thank you so much for your suggestion.

So quick update , i have amended the package.json as per your suggestions, and removed the NSContactsUsageDescription key from the entitlements file. Now running :
codesign -d --entitlements :- /Applications/AppName.app | plutil -p -

gives me something that looks much more healthy

{
  "com.apple.application-identifier" => "UDHEBFGSET.com.wowfresh.freshmeup-desktop"
  "com.apple.developer.team-identifier" => "UDHEBFGSET"
  "com.apple.private.tcc.manager.check-by-audit-token" => 1
  "com.apple.security.app-sandbox" => 1
  "com.apple.security.application-groups" => [
    0 => "UDHEBFGSET.com.wowfresh.freshmeup-desktop"
  ]
  "com.apple.security.automation.apple-events" => 1
  "com.apple.security.inherit" => 1
  "com.apple.security.personal-information.addressbook" => 1
}

However the app cannot be launched, i get a pop up (both for the dmg and app versions saying "The application “WowFresh” can’t be opened.".

Looking in the console i see a new error :

embedded provisioning profile not valid . Error Domain=CPProfileManager Code=-215 "Only Development Provisioning Profiles can be installed in System Preferences. Production Provisioning Profiles are imported within Xcode."

So i think i now just need to use a non production provisioning profile and i might be in the clear, i will report back when i've tried that. Thank you again.

[sumersao]

I'm having this issue, but just when running from terminal. Any ideas? @KishanBagaria @ElliotCambo ?