Discuss the WWDC23 Session Deploy passkeys at work

RSS for tag

Deploy passkeys at work

View Session

Posts under wwdc2023-10263 tag

11 Posts
Sort by:
Post not yet marked as solved
3 Replies
541 Views
Does the passkey created using third party provider model get synced to iCloud Keychain? If yes, can we avoid that using the attestation object somehow to have it ties to the device where it was created? Being new to this domain, I am not sure if I am asking a right question.
Posted Last updated
.
Post not yet marked as solved
7 Replies
632 Views
what could be the reason that we after saving and deleting the same list of [ASPasskeyCredentialIdentity], the credential still show up in the OS UI (quick type bar or when tapping the password key icon on top of the keyboard). does that mean the remove operation fail? but our log indicate that the removeCredentialIdentities completion closure succeed without error. and for the ASPasskeyCredentialIdentity initialization, we fill in the parameters from the same object, so we believe the id parameter shall be the same (which identify the same ASPasskeyCredentialIdentity to be saved and removed) what could be the reason that it is still showing up in the OS UI? is this a know issue?
Posted
by zhisliu.
Last updated
.
Post not yet marked as solved
0 Replies
307 Views
Hey there I'm facing problem with create passkey .pkpass, the problem is I've to create a passkey using certificate created by macOS then upload on the appstore then import to the key chain then I can create a .pkpass but I wanna create it in my Django server for my customers when ever customer create their digital business card. when I created in my another MacBook where that certificate not imported the .pkpass is not going to create, and if I create it on any way it is not going to open. please help me how I can create it for my each customer on server dynamically.
Posted
by HBilal_9.
Last updated
.
Post not yet marked as solved
1 Replies
473 Views
We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill. During this process, we have a few doubts and queries: First, we have configured the AutoFill extension for external passkey management Next we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation We are facing an issue on creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure if we need to create the attestationObject [if so any documentation or help regarding this] or is there any API to get the attestationObject which we are missing. override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) { let request = registrationRequest as! ASPasskeyCredentialRequest let passkeyRegistration = ASPasskeyRegistrationCredential(relyingParty: request.credentialIdentity.serviceIdentifier.identifier, clientDataHash: request.clientDataHash, credentialID: Data(UUID().uuidString.utf8), attestationObject: "????") extensionContext.completeRegistrationRequest(using: passkeyRegistration) } Even we have tried passing the hardcoded attestationObject[we used the existing attestationObject received using icloud keychain] , still we got empty ‘ClientDataJSON’ on ‘authorizationController(controller:’ delegate.
Posted
by Sathish95.
Last updated
.
Post not yet marked as solved
1 Replies
744 Views
Hey Folks, I'm currently building an SDK that will manage the creation and authentication of the passkeys for my users, and this SDK can be integrated on 3rd party apps that are out of my direct control. The scenario of when this SDK will be used is like when you have an app that you can link your account with LinkedIn, to get some info about you there and need to log in with your Linkedin account. So, the app itself that is consuming the SDK can have a passkey, and this "link account" feature (SDK) will also manage its passkey creation and authentication. Based on this I have a couple of questions: Can I grant only grant the associated domains/webcredentials entitlements to my SDK, such that the SDK is the only part allowed to create or access my passkeys but the app that consumes that SDK can only call the functionality exposed by the SDK, and not directly have the privileges to create and access my passkeys nor my iCloud Keychain? If 1 is not possible, what other options do I have? I imagine that if I give to access these 3rd party apps that consume my SDK to my associated domain webcredentials, I also will give them permission to them, to create passkeys in my name, using my RPID, and this is a really insecure scenario, so a no go. May you folks help me to understand the best course of action in this scenario? Thanks!
Posted
by RafaeLima.
Last updated
.
Post not yet marked as solved
1 Replies
1k Views
The WWDC23 video on deploying passkeys at Work (https://developer.apple.com/videos/play/wwdc2023/10263/?time=633) talks about a Corporate CA Server signing the Identity Certificate for the passkey, which can be further used during registration with the relying party. Where can I find more information on what protocol and specification this Corporate CA should follow here ? Is this based on protocols such as SCEP/ ACME (or) something else ? Also, where I can find information on what verification this Corporate Server can follow before signing that Identity Cert?
Posted
by venkyg.
Last updated
.
Post not yet marked as solved
0 Replies
581 Views
I took notes during the "Deploy passkeys at work" session. If interested, please see the attached "Notes from session": Notes from session For the session video, please see the following link: https://developer.apple.com/wwdc23/10263
Posted
by rtrouton.
Last updated
.