Post not yet marked as solved
Everything was working well in the beta version of iOS 17 and the registration and login were done correctly. However, after installing the public (release) version of iOS 17, the functions "completeRegistrationRequest" and "completeAssertionRequest" do not work properly and their completion result is false, and I faced the "Operation failed" error on the "webauthn" website. What's wrong?
Post not yet marked as solved
Hi, so I'm trying to use security key authentication using physical keys via the native APIs documented on Apple's developer website but am running into errors I don't understand. The application runs on macOS.
The application is signed with an entitlement that contains the associated domain like so:
<key>com.apple.developer.associated-domains</key>
<array>
    <string>webcredentials:example.com?mode=developer</string>
</array>
I have tried with and without ?mode=developer.
Here is the error I get:
{"error":"The operation couldn’t be completed. The calling process does not have an application identifier. Make sure it is properly configured."}
My application identifier is also configured in the .entitlements file.
Here is a rough overview of what I'm trying to do (basically, the auth server I'm contacting provides a challenge, and I want to create an assertion and send it back for verification). Trying to replicate the example from the official docs.
let options = try! JSONDecoder().decode(Request.self, from: options.data(using: .utf8)!).publicKey
let securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider(relyingPartyIdentifier: options.rpId)
let securityKeyRequest = securityKeyProvider.createCredentialAssertionRequest(challenge: options.challenge.decodeBase64Url()!)
let platformProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: options.rpId)
let platformKeyRequest = platformProvider.createCredentialAssertionRequest(challenge: options.challenge.decodeBase64Url()!)
securityKeyRequest.userVerificationPreference = ASAuthorizationPublicKeyCredentialUserVerificationPreference(rawValue: options.userVerification ?? "preferred")
securityKeyRequest.allowedCredentials = []
for credential in (options.allowCredentials ?? []) {
    let id = credential.id.decodeBase64Url()!
    let transports = ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor.Transport.allSupported
    let descriptor = ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor(credentialID: id, transports: transports)
    securityKeyRequest.allowedCredentials.append(descriptor)
}
securityKeyRequest.allowedCredentials = []
let authController = ASAuthorizationController(authorizationRequests: [platformKeyRequest, securityKeyRequest])
return run(authController: authController)
Happy to provide more context if necessary. Thanks in advance!
Post not yet marked as solved
Apple rejected our app because when we use the Apple Sign Up button, the full name in the response is empty, but we need the first and last name in our app registration, so, the Text inputs in the app, first and last name is filled empty and we let the users enter those values, but Apple wants the users not to enter the values because the service already returns them but in our case are empty.
We are using
React native
react-native-apple-authentication.
Can anyone help us or have the same issue with apple review and how did you fix it?
Post not yet marked as solved
Hello,
I used the new "Autofill Passkey" feature in my app, and all the registration steps were done well. Finally, the credential is registered in WebAuthn.
But the problem is that when I tap on the "GetAssertion" button, instead of showing my autofill extension UI, a QR code is displayed and the function "prepareInterfaceToProvideCredentialForRequest" is not called. What is the problem?
(The app is installed on the iPhone with iOS 17)
I'm using Xcode 14.2 to build an app that runs on iOS 16.4.
There is no webView.isInspectable property in this version.
When my app presents a webview, it is inspectable in Safari -> develop, which is nice.
However, when starting an ASWebAuthenticationSession, Safari -> develop shows "no inspectable applications". It was inspectable on iOS 16.1 but not iOS 16.4.
How to solve this?
Post not yet marked as solved
Hi all!
When building with macOS 14 SDK in macOS 14 RC, the Sign In With Apple button (SignInWithAppleButton) stretches its background to occupy the entire window content view. We expect it to be in the area with a red stroke (see the screenshot).
Here's the code:
struct ContentView: View {
    var body: some View {
        SignInWithAppleButton(.signIn, onRequest: { $0.requestedScopes = [.fullName, .email] }, onCompletion: { _ in })
            .signInWithAppleButtonStyle(.black)
            .border(Color.red, width: 3)
            .padding(80)
    }
}
And screenshot:
One important addition: the button works, and its hit area remains within that red rectangle.
Any help is highly appreciated.
Thank you!
Post not yet marked as solved
I just wrote code for our app to use ASWebAuthenticationSession for 3rd-party authentication (in particular, YUBIKEYS WOOHOO). Our app registers a URI scheme of x-com-kithrup for launch services events, so I used x-com-kithrup-yubi for ASWebAuthenticationSession.
Only, I didn't change the back end, so it still redirects to x-com-kithrup://success on a successful login. And... ASWebAuthenticationSession is still calling the handler when it gets a URL with the x-com-kithrup URI, instead of the x-com-kithrup-yubi URI scheme.
Post not yet marked as solved
Dear developers,
In case I want to start building a healthcare marketplace app (pharmacies, medical equipment and labs) where every user can search for a specific medicine, some medical equipment or a lab test and can get a list of pharmacies and labs who provide those products/services. Having said that, what could be the best sign-in option for (pharmacists, labs, physicians, people/users): phone number or e-mail or any sign-in option that will fit those who want to join a healthcare app? I want your thoughts here, guys, as I am trying to have a universal healthcare app that can connect all healthcare people/products/services with people.
Thanks in advance for any advice
I tried to use preferImmediatelyAvailableCredentials option in my sign in via Passkey process and expected to see this logic:
If passkey isn’t available (for some reason, for example, user deleted it) the sign up modal sheet appears. But instead of this I got ‘Choose how you’d like in sign in’ sheet. As I understand, preferImmediatelyAvailableCredentials should allow me to fallback to sign up and skip this step but it doesn’t.
My code is:
func signIn(credId: String) {
    currentAuthController?.cancel()
    let securityKeyProvider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider(relyingPartyIdentifier: domain)
    let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: domain)
    let assertionRequest = publicKeyCredentialProvider.createCredentialAssertionRequest(challenge: challengeData)
    let securityKeyRequest = securityKeyProvider.createCredentialAssertionRequest(challenge: challengeData)
    if let data = Data(base64urlEncoded: credId) {
        let cred = ASAuthorizationPlatformPublicKeyCredentialDescriptor(credentialID: data)
        assertionRequest.allowedCredentials = [cred]
    }
    let requests = [assertionRequest, securityKeyRequest]
    let authController = ASAuthorizationController(authorizationRequests: requests)
    authController.delegate = self
    authController.presentationContextProvider = self
    currentAuthController = authController
    authController.performRequests(options: .preferImmediatelyAvailableCredentials)
}
I am trying to implement sign in with apple with firebase. I cannot get around an issue where I get the following error when attempting a sign in:
When running:
Auth.auth().signIn(with: credential) { (authResult, error) in
I get:
nil credential = OAuthProvider.credential Optional(Error Domain=FIRAuthErrorDomain Code=17004 "The audience in ID Token [com.name.app] does not match the expected audience." UserInfo={NSLocalizedDescription=The audience in ID Token [com.name.app] does not match the expected audience., FIRAuthErrorUserInfoNameKey=ERROR_INVALID_CREDENTIAL})
Optional("The audience in ID Token [com.name.app] does not match the expected audience.")
I have added my URL as stated on firebase to my identifier.
To complete set up, add this authorization callback URL to your app configuration in the Apple Developer Console. Additional steps may be needed to verify ownership of this web domain to Apple.
More code:
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
    if let appleIDCredential = authorization.credential as? ASAuthorizationAppleIDCredential {
        guard let nonce = currentNonce else {
            fatalError("Invalid state: A login callback was received, but no login request was sent.")
        }
        guard let appleIDToken = appleIDCredential.identityToken else {
            print("Unable to fetch identity token")
            return
        }
        guard let idTokenString = String(data: appleIDToken, encoding: .utf8) else {
            print("Unable to serialize token string from data: \(appleIDToken.debugDescription)")
            return
        }
        print("credential = OAuthProvider.credential")
        // Initialize a Firebase credential.
        let credential = OAuthProvider.credential(withProviderID: "apple.com",
                                                  idToken: idTokenString,
                                                  rawNonce: nonce)
        //Auth.auth().createUser(withEmail: T##String, password: T##String, completion: T##AuthDataResultCallback?##AuthDataResultCallback?##(AuthDataResult?, Error?) -> Void)
        // Sign in with Firebase.
        Auth.auth().signIn(with: credential) { (authResult, error) in
            print(Auth.auth().currentUser?.uid, " credential = OAuthProvider.credential ", error)
        }
    }
}
Post not yet marked as solved
I am facing one issue while trying to Sign in with Apple. error is as below:
"The Operation couldn't be completed (com.apple.AuthenticationServices.AuthorizationError error 1000.)"
I get this error as soon as the button is pressed it doesn't even get into the actual sign-in part.
I have verified that entitlements file is there with the below content:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>aps-environment</key>
    <string>development</string>
    <key>com.apple.developer.applesignin</key>
    <array>
        <string>Default</string>
    </array>
</dict>
</plist>
I transferred the project and certificates from another machine. So deleted all the certificates and provisional profiles and recreated them from the new machine but faced an issue.
Also, it only happens in the exported (archived) build. When I directly install it from Xcode it is working fine.
I have followed the official Apple document to implement it. Below is how I'm requesting the authentication:
currentNonce = randomNonceString()
let request = ASAuthorizationAppleIDProvider().createRequest()
request.requestedScopes = [.fullName, .email]
let controller = ASAuthorizationController(authorizationRequests: [request])
request.nonce = currentNonce?.sha256()
controller.delegate = self
controller.presentationContextProvider = self
controller.performRequests()
Below are delegates:
func authorizationController(controller: ASAuthorizationController, didCompleteWithAuthorization authorization: ASAuthorization) {
    switch authorization.credential {
    case let appleIDCredential as ASAuthorizationAppleIDCredential:
        //Authenticated
        break
    default:
        break
    }
}
func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor {
    return self.view.window!
}
func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
    Utils.showAlert(withMessage: error.localizedDescription)
}
Any help would be appreciated
Post not yet marked as solved
Hi,
I have a problem with associated domains developing Passkeys app.
Adding alternate mode(developer mode) to Associated Domains Entitlement, it works fine.
But in non developer mode, CDN doesn't seem to read the AASA file.
AASA file's path is: https://(host).(rootdomain)/.well-known/apple-app-site-associtation
I checked the TLS certificate conditions and all conditions are met.
https://support.apple.com/en-us/HT213464
https://support.apple.com/en-us/HT210176
https://support.apple.com/en-us/102028
Is there another reason why it only works in developer mode?
Thanks for your reply.
Post not yet marked as solved
My App just uses Phone Number Authentication only. There is no Email/Password, Google, Facebook, Apple or any other Social Authentication.
So I just wanted to ask whether my app will be accepted by the App Store based on the App Store guidelines, as I am not using Apple Authentication and am only using Phone Number Authentication.
Your help will mean a lot.
Post not yet marked as solved
Hi devs!!!
Calling createCredentialRegistrationRequestWithChallenge returns the following error:
Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent}
What can be the potential reason?
Post not yet marked as solved
When we call ASWebAuthenticationSession with preferEphemeral = false macOS generates this dialog with a meaningless "(null)". This looks very odd and scary for a normal person. Why it shows "null" and can we control this to make it meaningful at least?
Post not yet marked as solved
Hi Team,
Is it possible to access the user's birthday and gender when they login with Apple option?
I've checked Apple Authentication Services framework but found nothing about it. The only information we can access is user's name and email.
However, I received a review note saying that this information is already provided by the Apple Authentication Services framework.
Please kindly share the solution or tell me what should I do to resolve this issue.
Cheers,
Vanto
Post not yet marked as solved
I'm trying to implement passkeys in my app. I successfully get to the dialog in iOS simulator to register with a Passkey and I can also read the result and see all the right things in credentialRegistration.rawClientDataJSON. The one thing that's not working is when decoding the rawAttestationObject (which should be CBOR as I understand), I find all data defined in the spec (aaguid, credentialIdLength, credentialId) except for the credentialPublicKey! The rawAttestationObject basically ends after the credentialId. I see this both when decoding the rawAttestationObject manually as well as when using WebAuthn libraries on the server, which will give me an "Unexpected end of CBOR data" error.
Any ideas why the rawAttestationObject does not contain the public key?
For reference, here is the initialization of the Passkey request:
let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: options.domain)
let registrationRequest = publicKeyCredentialProvider.createCredentialRegistrationRequest(challenge: challenge, name: name, userID: userID)
let authController = ASAuthorizationController(authorizationRequests: [ registrationRequest ])
authController.performRequests()
And here is how I handle the result:
case let credentialRegistration as ASAuthorizationPlatformPublicKeyCredentialRegistration:
    let rawAttestationObject = credentialRegistration.rawAttestationObject!.base64EncodedString()
    let credentialID = credentialRegistration.credentialID.base64EncodedString()
    let rawClientDataJSON = credentialRegistration.rawClientDataJSON.base64EncodedString()
    let response: PasskeysResponse = [
        "attestationObject": rawAttestationObject,
        "credentialId": credentialID,
        "clientDataJson": rawClientDataJSON,
    ]
Here is an example for a decoded attestation object:
{
    "rpIdHash": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYmW4=",
    "flags": {
        "userPresent": false,
        "userVerified": false,
        "backupEligibility": true,
        "backupState": true,
        "attestedCredentialData": true,
        "extensionData": false
    },
    "signCount": 425116148,
    "aaguid": "20318e2d-77fa-f54d-bed7-ba15ccd3fade",
    "credentialId": "1B1KJf6uYF0AAAAAAAAAAAAAAAAAAAAAAAAAAAAUQW65BAqkeKqu97vbc0Se5R1F3Y+lAQIDJiABIVggtdSX2ZAHsBxU4ja1xP6hCZGUXgUCb6Ipau3stU8rrz4iWCBwhOBWOgwT4yKRnU1hA11thC8+CvjmrCkfq//648cwHg==",
    "credentialPublicKey": ""
}
As you can see, it looks all good except for the "credentialPublicKey": "" part.
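Added example, not part of the original post or Apple's code: the `rpIdHash` string in the dump above base64-decodes to the CBOR text keys `fmt`, `attStmt` and `authData`, which is the outer attestation-object envelope rather than a hash, so reading the authData layout from byte 0 shifts every field. This Python code decodes the envelope first and then slices authData as laid out in the WebAuthn specification; the `cbor_decode` helper (a subset decoder) and the constructed `example.com` sample are assumptions for illustration.

```python
import base64
import hashlib

def cbor_decode(buf, pos=0):
    """Decode one CBOR item (ints, byte/text strings, maps); return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("unexpected end of CBOR data")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info >= 28:
        raise ValueError("unsupported CBOR encoding")
    n = info
    if info >= 24:  # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (info - 24)
        n, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    end = pos + n if major in (2, 3) else pos
    if end > len(buf):
        raise ValueError("unexpected end of CBOR data")
    if major in (0, 1):
        return (n if major == 0 else -1 - n), pos
    if major in (2, 3):
        raw = bytes(buf[pos:end])
        return (raw if major == 2 else raw.decode("utf-8")), end
    if major == 5:
        out = {}
        for _ in range(n):
            key, pos = cbor_decode(buf, pos)
            out[key], pos = cbor_decode(buf, pos)
        return out, pos
    raise ValueError("unsupported CBOR major type")

def parse_attestation_object(att_obj):
    """CBOR-decode the envelope first, then slice the fixed authData layout."""
    outer, _ = cbor_decode(att_obj)
    auth = outer["authData"]
    out = {"fmt": outer["fmt"], "rpIdHash": auth[:32], "flags": auth[32],
           "signCount": int.from_bytes(auth[33:37], "big")}
    if auth[32] & 0x40:  # AT flag: attested credential data follows
        cred_end = 55 + int.from_bytes(auth[53:55], "big")
        out["aaguid"], out["credentialId"] = auth[37:53], auth[55:cred_end]
        out["credentialPublicKey"], _ = cbor_decode(auth, cred_end)  # COSE_Key map
    return out

def build_sample():
    """Constructed 'none' attestation object for example.com (not data from the post)."""
    x, y = bytes(range(32)), bytes(range(32, 64))
    cose = bytes.fromhex("a5010203262001215820") + x + bytes.fromhex("225820") + y
    auth = (hashlib.sha256(b"example.com").digest() + b"\x5d" + bytes(4) + bytes(16)
            + (20).to_bytes(2, "big") + bytes(range(20)) + cose)
    return b"\xa3cfmtdnonegattStmt\xa0hauthDataX" + bytes([len(auth)]) + auth

# "rpIdHash" string from the dump in the post: it is the CBOR envelope, not a hash.
POST_RPIDHASH = base64.b64decode("o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YViYmW4=")
```

Calling `cbor_decode(POST_RPIDHASH)` raises the "unexpected end of CBOR data" error, because those 32 bytes announce a 152-byte `authData` string and then stop.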
Post not yet marked as solved
Hi.
I'm trying to develop a passkey app connected with a Webauthn server.
There is a problem in the process of creating the Attestation Object.
Since I am assigned 8445 port, I need to upload the /.well-known/ directory to that port.
In the WebAuthn specification, the RPID should not include the port number.
(https://www.w3.org/TR/webauthn-2/#relying-party-identifier)
When initializing an ASAuthorizationPlatformPublicKeyCredentialProvider object, if I add the port number to RPID, the passkey UI will work and ASAuthorization object will be checked.
But, I don't get authentication from webauthn server because the Attestation Obj is generated with RPID which contains port.
Is there any way to specify the port number to check the "well-known" directory? Or is it only possible on port 443?
I checked the post, but there is no more feedback, so I'm asking a question.
(https://developer.apple.com/forums/thread/730028)
We are working on implementing FIDO2 with passkeys and it works fine for the consumer with an Apple ID. At the enterprise level we are not able to make it work because corp devices don't have the option to enable an Apple ID; it is disabled by MDM as per policy.
Is there any alternate approach where corp devices can use FIDO authentication without using an Apple ID?
Thanks
Post not yet marked as solved
What policy does apply to me as I have a working application that serves contents based on their chosen location or place which does not require any login but for some super users I will open webview where they can authenticate themself and view/change thee only do I still need to provide test credential and any policy that apply to me related to data and privacy as the content will be also shown via webview and my app only served to US region.