Hi, I referred to the documentation for reset passkeys - https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys#4047465 , this method createCredentialRegistrationRequest seems to be an instance of ASAuthorizationSecurityKeyPublicKeyCredentialRegistration and returns a registration request of the the type ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest, is this correct? When i tried to integrate the same, it gave "No algorithms specified for ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest" from iOS. So, i tried replacing the registration request with ASAuthorizationPlatformPublicKeyCredentialProvider with same params as expected for createCredentialRegistrationRequest with challenge, username and userId, but it ended up creating one more passkey which I could see in settings. It created new passkey though I expected this to replace existing. is this expected? Also, will this registration request expected to replace ALL passkeys created for this user for this domain or just 1 passkeys matching the user and domain? Please let me know if I missed out anything. Thanks for your help

WebKit PR #9891 added support for the WebAuthn Large Blob extension in the browser. (Hooray!) Does Apple plan to add support for this extension (or similar, such as PRF) in MacOS and iOS platform authenticators? If so, where can we track this? More context: I've been developing with these extensions using other authenticators. After #9891 I hoped my native platform authenticator on Macbook Pro M1 (with Safari Preview Release 170 on Ventura 13.4) might support largeBlob. But after testing it seems I was mistaken. Thanks!

Hey! Is it possible to test passkeys against a locally running server in simulator with self-signed certificate? As far as I can tell, the certificate is trusted on the Simulator and Safari has no trouble communicating with the server or fetching the apple-app-site-association file. The error I'm getting is ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)" Error: ["NSLocalizedFailureReason": Application with identifier FAKETEAMID.com.example.apple-samplecode.Shiny is not associated with domain webauthn-api.local] When running the Shiny example app. There is an apple-app-site-association available in https://webauthn-api.local:7001/.well-known/apple-app-site-association: { "webcredentials": { "apps": [ "FAKETEAMID.com.example.apple-samplecode.Shiny" ] } } And in the Associated Domains, I've added: webcredentials:webauthn-api.local:7001?mode=developer I saw here https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_associated-domains that to use a local server with the apple-app-site-association, one should add ?mode=developer to the entitlement. However, looking at the logs for the server, the simulator does not seem to ever attempt fetching /.well-known/apple-app-site-association file, so the developer mode does not seem to have any effect. Is the developer mode supposed to work with webcredentials service. Documentation linked above doesn't make any exclusions for that.