Meet passkeys

Discuss the WWDC22 Session Meet passkeys

Posts under wwdc2022-10092 tag

23 Posts
Post not yet marked as solved
4 Replies
47 Views
Hi, I'm reading different structures on how to construct my signature for verification with passkeys. I have my key with:

```python
import hashlib

# uncompressed EC point: 0x04 || x || y
publicKeyU2F = b"".join([
    (0x04).to_bytes(1, byteorder='big'),
    key_from_dict.x,
    key_from_dict.y,
])
```

but when it comes to building the data to verify, I can see two choices... what's the correct format?

https://medium.com/webauthnworks/verifying-fido2-responses-4691288c8770

```python
signature_base = b"".join([
    authenticator_data_bytes,
    client_data_hash_bytes,
])
signature_base_hash = hashlib.sha256()
signature_base_hash.update(signature_base)
signature_base_hash_bytes = signature_base_hash.digest()
```

or https://www.w3.org/TR/webauthn-2/#sctn-fido-u2f-attestation

```python
signature_base = b"".join([
    (0x00).to_bytes(1, byteorder='big'),
    rpidhash,
    client_data_hash_bytes,
    credentialId,
    publicKeyU2F,
])
signature_base_hash = hashlib.sha256()
signature_base_hash.update(signature_base)
signature_base_hash_bytes = signature_base_hash.digest()
```
Posted by
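The two layouts in the post above serve different steps: a WebAuthn assertion (login) is signed over authenticatorData || SHA-256(clientDataJSON), the first form, while the 0x00 || rpIdHash || clientDataHash || credentialId || publicKeyU2F layout is the fido-u2f attestation statement verified only at registration. As an added example that is not part of the forum post, the Python below uses the `cryptography` package to verify a passkey assertion the first way, together with the rpIdHash, flag and signCount checks the spec places around the signature; the RP id, challenge and the stand-in authenticator round trip are constructed for the example.

```python
import hashlib
import struct
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

RP_ID = "example.com"          # assumed relying-party id for this example
FLAG_UP, FLAG_UV = 0x01, 0x04  # authenticatorData flag bits: user present / user verified

def assertion_message(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    """What the authenticator signed; ECDSA-with-SHA256 hashes it once more itself."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()

def verify_assertion(pub_x962: bytes, authenticator_data: bytes, client_data_json: bytes,
                     signature: bytes, stored_counter: int) -> int:
    """Check a WebAuthn/passkey assertion; return the new signCount or raise ValueError.
    (A real RP also checks challenge, origin and type inside clientDataJSON.)"""
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    counter = struct.unpack(">I", authenticator_data[33:37])[0]
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash does not match our RP id")
    if not flags & FLAG_UP or not flags & FLAG_UV:
        raise ValueError("user presence/verification flags not set")
    if (counter or stored_counter) and counter <= stored_counter:
        raise ValueError("signCount did not increase: possible cloned credential")
    pub = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), pub_x962)
    try:  # DER-encoded ECDSA signature, as sent by the authenticator
        pub.verify(signature, assertion_message(authenticator_data, client_data_json),
                   ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        raise ValueError("assertion signature invalid") from None
    return counter

def demo() -> tuple:
    """Constructed round trip: a stand-in authenticator signs, then the RP verifies."""
    priv = ec.generate_private_key(ec.SECP256R1())
    pub_x962 = priv.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)  # 0x04||x||y
    auth_data = (hashlib.sha256(RP_ID.encode()).digest()
                 + bytes([FLAG_UP | FLAG_UV]) + struct.pack(">I", 7))
    client_data = b'{"type":"webauthn.get","challenge":"Y2hhbGxlbmdl","origin":"https://example.com"}'
    sig = priv.sign(assertion_message(auth_data, client_data), ec.ECDSA(hashes.SHA256()))
    genuine_ok = verify_assertion(pub_x962, auth_data, client_data, sig, stored_counter=6) == 7
    try:  # the same signature over a changed clientDataJSON (different challenge) must fail
        verify_assertion(pub_x962, auth_data, client_data.replace(b"Y2hhbGxlbmdl", b"eHh4"), sig, 6)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return genuine_ok, tampered_rejected
```

Note that `pub_x962` is exactly the 0x04 || x || y byte string the post builds as `publicKeyU2F`, and that passkeys synced through iCloud Keychain commonly report a signCount of 0, which the counter check above tolerates as the spec allows.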
Post not yet marked as solved
1 Replies
45 Views
Hi all. I'm trying to add passkeys as an authentication method to my app but I'm running into a problem. Based on the new passkey implementation we need to create a challenge every time a user visits the login page. Two questions: If we incorporate passkeys, we will need to create a challenge on the server and store it every time a user even visits the login page. This would make it extremely easy for attackers to DDOS us and fill up our database. Our current solution to this is exclusively IP-based throttling. Is there a better solution recommended by Apple? Ideally we would get the usernames/public keys/credential IDs of the passkeys before the user goes through biometrics to actually use the passkey. That way we could only issue challenges associated with those accounts. Is there a way to do this via the Apple APIs?
Posted by