CredStore Perform Query error

Question

I am running into an issue while doing API calls to my apps backend, every connection now prompts with

CredStore - performQuery - Error copying matching creds.  Error=-25300, query={
    atyp = http;
    class = inet;
    "m_Limit" = "m_LimitAll";
    ptcl = http;
    "r_Attributes" = 1;
    srvr = "myappsurl.com";
    sync = syna;
}

I am a little lost as I am not sure what is causing this, or what CredStore even does. What purpose does CredStore serve in iOS?

Answer 1

This error occurs when trying to retrieve an URLCredential from URLCredentialStorage for an unknown URLProtectionSpace. e.g.

let protectionSpace = URLProtectionSpace.init(host: host, 
                                              port: port, 
                                              protocol: "http", 
                                              realm: nil, 
                                              authenticationMethod: nil)

var credential: URLCredential? = URLCredentialStorage.shared.defaultCredential(for: protectionSpace)

produces

CredStore - performQuery - Error copying matching creds.  Error=-25300, query={
    class = inet;
    "m_Limit" = "m_LimitAll";
    ptcl = http;
    "r_Attributes" = 1;
    srvr = host;
    sync = syna;
}

Give it a credential for the protection space:

let userCredential = URLCredential(user: user, 
                                   password: password, 
                                   persistence: .permanent)

URLCredentialStorage.shared.setDefaultCredential(userCredential, for: protectionSpace)

and the error goes away next time you try to retrieve the credential.

I am a little lost as I am not sure what is causing this, or what CredStore even does. What purpose does CredStore serve in iOS?

Credential storage on iOS allows users to securely store certificate-based or password-based credentials on the device either temporarily or permanently to the keychain.

I suspect that you have some sort of authentication on your backend server and that server is requesting an authentication challenge to your app (for which no credential exists).

It can probably be safely ignored as returning nil from the URLCredentialStorage is a valid response

Answer 2

I'm not sure why do we get this error when perform requests with Alamofire, but if you do API requests with some token in HTTP headers, you maybe don't need credentials store at all. So we can disable it for our request:

let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = ourHeaders
// disable default credential store
configuration.urlCredentialStorage = nil

let manager = Alamofire.SessionManager(configuration: configuration)
...

No errors after such change.

Answer 3

In my case, I was not initialising Stripe SDK with API key.

        STPPaymentConfiguration.shared().publishableKey = publishableKey

In case of any Stripe operation, we can print the error log, its easy to understand.

        print(error.debugDescription)

Answer 4

This same issue happens to me and I found that if your API URL does not contain a "/" at the end of URL then iOS does not send "Authorization" value to the server. Due to which you will see a message like posted in question in the console.

So Simply add "/" at the end of URL

https://example.com/api/devices/

Answer 5

This is transport error, let's add transport permission like this in plist file:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

Be careful as that enables connection to any server from your app. Read more on App Transport Security before proceeding. See comment by @kezi

Answer 6

I edited the String that contains the URL to fix this issue:

var myUrl = "http://myurl.com"
myUrl = myUrl.addingPercentEncoding(withAllowedCharacters: .urlFragmentAllowed)!

let url = URL(string: myUrl)

Answer 7

If you get this error, when using AVPlayer, just call .play() on main thread

Answer 8

The cause of me getting this error was due to me accidentally using two spaces between the "Bearer" and access token in my Authorization header.

Incorrect:

request.setValue("Bearer  \(accessToken)", forHTTPHeaderField: "Authorization")

Correct:

request.setValue("Bearer \(accessToken)", forHTTPHeaderField: "Authorization")

Simple mistake, but it took a while to find it.

Answer 9

OK, I had this error, and fought with it for a long time (years) when interacting with my Ruby on Rails app.

I had default credentials set up as described in the accepted answer, but still got the error, and have been relying on a didReceiveChallenge response to supply the credentials - fortunately that worked as a work around.

But! I've just found the solution!

I was working on a hunch that that the protectedSpace fields did not match the Authorization challenge from the Ruby on Rails server - and I looked into the realm field, which seemed to be the only one that was being left undefined.

I started by printing out the server response headers, and although I was able to examine these, they did not include the WWW-Authorization field that would have included the realm field.

I thought this was maybe because my Rails app wasn't specifying the realm, so I started looking at the Rails side of things.

I found I could specify the realm in the call to,

authenticate_or_request_with_http_basic

...which I am using for HTTP Basic authentication.

I wasn't specifying a realm already, so added one,

authenticate_or_request_with_http_basic("My Rails App")

I then added the corresponding string to the protectionSpace,

NSURLProtectionSpace *protectionSpace =
    [[NSURLProtectionSpace alloc] initWithHost:@"myrailsapp.com"
        port:443
        protocol:NSURLProtectionSpaceHTTPS
        realm:@"My Rails App"
        authenticationMethod:NSURLAuthenticationMethodHTTPBasic];

Voila! That worked, and I no longer get the,

CredStore - performQuery - Error copying matching creds.  Error=-25300

Even after specifying the realm in the Rails app, I still don't see it passed in the HTTP header, I don't know why, but at least it works.

Answer 10

The error may also be caused by a Content Security Policy (CSP) that may be too restrictive. In our case, we needed a CSP that is more or less completely open and allows everything. Keep in mind that opening the CSP can be a great security issue (depending on what exactly you're doing in the app).

Answer 11

I got this issue when I tried to open a http-page inside a web-view. But this page contained an popup which was opened first.

When backend team removed this popup everything became OK.

Answer 12

    let credentialData = "\(user):\(password)".data(using: String.Encoding.utf8)!
    let base64Credentials = credentialData.base64EncodedString(options: [])
    let headers = ["Authorization": "Basic \(base64Credentials)"]
    Alamofire.request(url, method: .get, parameters: params,encoding: URLEncoding.default,headers: headers)
                .responseJSON{
            response in
            guard let value =  response.result.value else {return}
                    print(value)
     }

Answer 13

My issue was base64 encoding of an image that was being sent with a rest call

I had previously used

let strBase64 = imageData.base64EncodedString(options: .lineLength64Characters)

But 50% of the time I would get the error above.

I used the following instead which solved my problem...

 let strBase64 = imageData.base64EncodedString()

Answer 14

Had the same issue with Twitter sign in. Turned out I used the the wrong API key.