User Authentication

Hi, I’m trying to add authentication for my Flatpak app.

Some items in the app are “protected,” and I only want users to be able to interact with them after entering their system password. I don’t want to build a password system inside the app; I want to rely on Linux’s native authentication.

The only way I found so far is using pkexec or the sudo/unix_chkpwd method. However, the pkexec approach requires --talk-name=org.freedesktop.Flatpak, which seems excessive and sudo/unix_chkpwd method still relies on flatpak-spawn --host and therefore still needs --talk-name=org.freedesktop.Flatpak.

I’m looking for a safe, standard way for a Flatpak app to verify the user via system authentication for these protected actions, without exposing the password or bypassing the sandbox, Any advice?