If a user enters the wrong password, when they are asked for their macOS user credentials to access the password of a keychain item, and press "Do not allow" when asked again, the following happens:
-
programmatic access to the keychain item's password using
SecItemCopyMatchingconsistently fails with error OSStatus-25293, yet the user is never prompted to enter their macOS credentials -
programmatic access to the password of any keychain item of the same keychain fails with error
-25293 -
the user is not asked for their credentials again until they manually lock and unlock the login keychain (or any custom keychain the keychain item belonged to) in Keychain Access.app (or perform an action which locks and unlocks the keychain, like log out or restart of macOS)