Meet passkeys

RSS for tag

Discuss the WWDC22 Session Meet passkeys

Posts under wwdc2022-10092 tag

4 Posts
Sort by:
Post not yet marked as solved
2 Replies
1.1k Views
Hi, I referred to the documentation for reset passkeys - https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys#4047465 , this method createCredentialRegistrationRequest seems to be an instance of ASAuthorizationSecurityKeyPublicKeyCredentialRegistration and returns a registration request of the the type ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest, is this correct? When i tried to integrate the same, it gave "No algorithms specified for ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest" from iOS. So, i tried replacing the registration request with ASAuthorizationPlatformPublicKeyCredentialProvider with same params as expected for createCredentialRegistrationRequest with challenge, username and userId, but it ended up creating one more passkey which I could see in settings. It created new passkey though I expected this to replace existing. is this expected? Also, will this registration request expected to replace ALL passkeys created for this user for this domain or just 1 passkeys matching the user and domain? Please let me know if I missed out anything. Thanks for your help
Posted Last updated
.
Post not yet marked as solved
2 Replies
1.2k Views
WebKit PR #9891 added support for the WebAuthn Large Blob extension in the browser. (Hooray!) Does Apple plan to add support for this extension (or similar, such as PRF) in MacOS and iOS platform authenticators? If so, where can we track this? More context: I've been developing with these extensions using other authenticators. After #9891 I hoped my native platform authenticator on Macbook Pro M1 (with Safari Preview Release 170 on Ventura 13.4) might support largeBlob. But after testing it seems I was mistaken. Thanks!
Posted
by allibell.
Last updated
.
Post marked as solved
1 Replies
538 Views
Hi! 👋 Recently, we added the passkeys feature to our SPM package/demo application. We based our solution on the Apple's sample implementation. However, after some time, we noticed that the ASAuthorizationController.presentationContextProvider configuration is not required. Moreover, the ASAuthorizationControllerPresentationContextProviding.presentationAnchor(for:) method never gets called. We're wondering if there are any unwanted side effects that could be caused by removing this part of the code. We were not able to find any, as everything works the same way as before we removed the presentationContextProvider-related code. However, we're guessing that there must be a good reason why it is included in the demo app 🤔 Also, we're curious about how it works under the hood. Does it use the currently visible UIWindow by default?
Posted Last updated
.
Post not yet marked as solved
5 Replies
3.3k Views
Hey! Is it possible to test passkeys against a locally running server in simulator with self-signed certificate? As far as I can tell, the certificate is trusted on the Simulator and Safari has no trouble communicating with the server or fetching the apple-app-site-association file. The error I'm getting is ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)" Error: ["NSLocalizedFailureReason": Application with identifier FAKETEAMID.com.example.apple-samplecode.Shiny is not associated with domain webauthn-api.local] When running the Shiny example app. There is an apple-app-site-association available in https://webauthn-api.local:7001/.well-known/apple-app-site-association: { "webcredentials": { "apps": [ "FAKETEAMID.com.example.apple-samplecode.Shiny" ] } } And in the Associated Domains, I've added: webcredentials:webauthn-api.local:7001?mode=developer I saw here https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_associated-domains that to use a local server with the apple-app-site-association, one should add ?mode=developer to the entitlement. However, looking at the logs for the server, the simulator does not seem to ever attempt fetching /.well-known/apple-app-site-association file, so the developer mode does not seem to have any effect. Is the developer mode supposed to work with webcredentials service. Documentation linked above doesn't make any exclusions for that.
Posted Last updated
.