macOS 10.15 Beta: Apple event authorization dialogs never show up

I wonder if other users who test macOS 10.15 Catalina can confirm this severe bug I’m experiencing:

The Apple event authorization dialogs never show up - which renders apps useless.

The apps just return an error “Not authorized to send Apple events to ”. The authorization dialog never shows up.

This renders the apps useless, of course, because authorization cannot be granted.

The apps I’m testing are notarized - with Apple Event enabled in Hardening Runtime.

Same apps run with no issues on Mojave.

Latest macOS 10.15 beta (Beta 3)

Do you have an NSAppleEventsUsageDescription string in its Info.plist file?

Yep, NSAppleEventsUsageDescription is there.

Try give 1) Full Disk Access and 2) Control the computer. We are surrounded by concrete fences! :lol:
And…
is this apps 64 bit?

Thanks,

“Full Disk Access” and “Control the Computer” didn’t make a difference. Which I actually think is good - because really those two settings shouldn’t affect anything for a regular app.

Yes, the app is 64-bit.

Ok I will submit this issue as a severe bug to Apple shortly then.

UPDATE:

Ok I misidentified the issue a bit.

The problem is not macOS Catalina - the problem is NOTARIZATION.

When I download the notarized app on Mojave, I have the same issue (that is, Apple event authorization dialogs don’t show up).

If the app is not notarized, there are no issues on either version of macOS.

I guess I need to repost this topic here with the correct subject…

If you have any ideas on why notarization could cause this problem, please let me know!

Sounds like you haven’t given it permission to send Apple events in the hardened runtime settings.

Thanks Shane,

Apple events in the hardened runtime is checked - ever since you pointed me to it in an earlier post a month ago.

Can you try it on another mac, in case it’s just an issue on your computer?

I’m trying it on two Macs…

But regardless, I narrowed it down further:

The problem actually starts right after signing the app (that is, before the actual notarization).

I’m signing the app with a AppleScript droplet.

I also have a separate target with auto-signing enabled. There’s no problem when running the app produced through this target.

So the issue is somewhere with the signing droplet. I’m pretty sure it worked flawlessly before - that’s why I didn’t even care to test the app after the signing stage at this point.

Will work on it.

As a side note. I think Apple should give us a more specific error in cases where Apple Events authorization dialogs are being suppressed for whatever reason - instead of just generic “Not authorized to send Apple events…” on any occasion.

That could be your problem. Are you signing it with the hardened runtime and time-stamp?

You might have better luck using SD Notary.

Ok I think I got to the bottom of it:

In the codesign command, I need to include a path to entitlements file where the com.apple.security.automation.apple-events key is set to YES.

–entitlements path

Once I added this to the signing droplet, all seems to work as expected.

As to SD Notary, it’s a great tool, thanks Shane - but I just need all kind of custom options for my workflow, that’s why I always have to build my own tools. dmg creation, naming convention, custom installers etc.

I did build my notarization app - well hopefully it’s the last piece of the puzzle!

I wonder if you use the entitlements file in your codesign script? Not sure how I missed this requirement and if it’s always needed at all.

The don’t have a script that does signing with the hardened runtime – my script pre-dates it.