fix: ensure session persistence on IOS

[iykazrji]

Pull Request Checklist

• Did you add new tests and confirm existing tests pass? (yarn test)
• Did you update relevant docs? (docs are found in the site folder, and guidelines for updating/adding docs can be found in the contribution guide)
• Do your commits follow the Conventional Commits standard?
• Does your PR title also follow the Conventional Commits standard?
• If you have a breaking change, is it correctly reflected in your commit message? (e.g. feat!: breaking change)
• Did you run lint (yarn lint:check) and fix any issues? (yarn lint:write)
• Did you follow the contribution guidelines?

---

PR-Codex overview

This PR introduces functionality for securely handling ephemeral private keys using the Keychain in the KeychainHelper.swift file. It updates the NativeTEKStamperImpl.swift to utilize these new Keychain methods for storing and retrieving the private key.

Detailed summary

• Added KeychainHelper.swift to manage ephemeral private keys.
• Implemented savePrivateKeyToKeychain, getPrivateKeyFromKeychain, and deletePrivateKeyFromKeychain methods.
• Updated NativeTEKStamperImpl to retrieve the private key from Keychain and save it if not present.
• Removed direct initialization of ephemeralPrivateKey in create method, replaced with Keychain call.
• Enhanced clear method to delete the private key from Keychain.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
aa-sdk-site	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 21, 2025 6:00pm
aa-sdk-ui-demo	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 21, 2025 6:00pm

[iykazrji]

• fix: ensure session persistence on IOS #1457 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add the label graphite-merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[rthomare]

@iykazrji do you think we could break this PR up? Ideally one that updates the example and another that fixes the bug?

[iykazrji]

Sure! @rthomare , Updated this PR, would be working on updating the examples regardless, so that would come in a separate PR

[rthomare]

Generally looks good just a couple of comments to simplify.

[rthomare]

Thanks for making all these iterations, great work! We are so close just a couple of thoughts.

[rthomare]

Ahh didn't realize we need to update this one. Can we either make a static function for this one, or just make this let inlined in the function.

[iykazrji]

Using var here since we need to modify the query to pass in the kSecValueData in the savePrivateKeyToKeychain() function.

[rthomare]

Yeah still think we should isolate the generation of it, but we should probably do a generator function or something: #1457 (comment)

[iykazrji]

Okay, just made an update to make a local copy of it in the savePrivateKeyToKeychain() function which can then be updated with the kSecValueData . Please help take a look if this is a better implementation.