
I store the token received from an API sign-in process in the user's keychain. Then, for all further requests to the API, I get the token from the keychain to send to the API. This happens with each request made to the API. As I have understood, the keychain is the right place to store sensitive information, so I'm not storing the token in the user defaults.

On iOS everything works as expected, but on macOS there's an alert appearing that the app wants access to the keychain. The user can then select to allow it once or to allow it always. This has two major issues:

  1. If the user chooses "once", the dialog will appear over and over again with each request the app does.

  2. If the user chooses "always", the dialog will not appear for some time, but after a while it will reappear nevertheless.

Why is this behavior totally different between iOS and macOS? Or did I forget to configure something?

From a security point of view, would it be okay to read the token once at the start of the app and store it in a property?