SecRequestSharedWebCredential returns an invalid credential when the user has told Safari not to save passwords for a given domain
| Originator: | aaron | ||
| Number: | rdar://32472903 | Date Originated: | 5/30/2017 |
| Status: | Duplicate of 24275860 | Open | Resolved: | |
| Product: | Security Framework | Product Version: | 10.3.2 |
| Classification: | Bug | Reproducible: | Always |
In my case, I have selected to never save passwords for imgur.com when prompted in Safari. Now when calling SecRequestSharedWebCredential, I receive an entry with "Passwords not saved" as the account and " " (one space) as the password. May be a duplicate of radar 25439039 (seen on openradar), but it claimed not reproducible and didn't understand the full situation as a result of being unable to reproduce.

Steps to Reproduce:

Abstract example:
1. Set a site to never remember passwords in Safari
2. Call SecRequestSharedWebCredential(NULL, NULL, ...)
3. Check that credential count > 0 as per documentation
4. Extract the first credential and get the value for kSecAttrAccount and kSecSharedPassword
5. Observe that the value associated with kSecAttrAccount is "Passwords not saved" and the value associated with kSecSharedPassword is " " (single space)

Concrete example:
1. Visit Imgur.com, create an account/sign in and instruct Safari to never remember passwords for this site
2. Download Imgur app (if first time, you are prompted to sign up immediately, which will trigger the shared credential request and show an account of "Passwords not saved" as a selectable option)
3. Select the option and note that the password provided is " "

Expected Results:
No shared web credentials should be available (the CFArrayRef in the closure for SecRequestSharedWebCredential should have a CFArrayGetCount of 0)

Observed Results:
The CFArrayRef in the closure for SecRequestSharedWebCredential is > 0 and the first is "Passwords not saved" / " "
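
A defensive way for an app to handle the behaviour reported above is to validate each returned entry instead of trusting a count greater than 0. The following is an added example, not code from the report or from Apple; the type `SharedWebCredential`, the helper names, and the use of the literal "Passwords not saved" as a marker are assumptions made for illustration.

```swift
import Foundation
import Security

/// A shared web credential that passed validation (hypothetical helper type).
struct SharedWebCredential {
    let server: String
    let account: String
    let password: String
}

// Account name seen in this report for a "never save" site. Assumption: the
// exact string may differ by locale or OS version, so the blank-password
// check below is the primary filter and this is only a secondary one.
let placeholderAccount = "Passwords not saved"

/// Keeps only entries with a real account name and a password that is not
/// blank after trimming whitespace (the report observed " " as the password).
func usableCredentials(from entries: [[String: Any]]) -> [SharedWebCredential] {
    return entries.compactMap { entry in
        guard
            let server = entry[kSecAttrServer as String] as? String,
            let account = entry[kSecAttrAccount as String] as? String,
            let password = entry[kSecSharedPassword as String] as? String
        else { return nil }
        let trimmed = password.trimmingCharacters(in: .whitespacesAndNewlines)
        guard !account.isEmpty, account != placeholderAccount, !trimmed.isEmpty else {
            return nil
        }
        return SharedWebCredential(server: server, account: account, password: password)
    }
}

/// Requests shared web credentials for the app's associated domains and
/// passes only validated entries to `completion` (empty array on error).
func requestUsableSharedCredentials(completion: @escaping ([SharedWebCredential]) -> Void) {
    SecRequestSharedWebCredential(nil, nil) { credentials, error in
        guard error == nil, let entries = credentials as? [[String: Any]] else {
            completion([])
            return
        }
        completion(usableCredentials(from: entries))
    }
}

/// Constructed sample mirroring the entry described in the report;
/// filtering it yields an empty array.
func filteredConstructedSample() -> [SharedWebCredential] {
    let sample: [[String: Any]] = [[
        kSecAttrServer as String: "imgur.com",
        kSecAttrAccount as String: "Passwords not saved",
        kSecSharedPassword as String: " ",
    ]]
    return usableCredentials(from: sample)
}
```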