Does the passkey created using third party provider model get synced to iCloud Keychain? If yes, can we avoid that using the attestation object somehow to have it ties to the device where it was created? Being new to this domain, I am not sure if I am asking a right question.

what could be the reason that we after saving and deleting the same list of [ASPasskeyCredentialIdentity], the credential still show up in the OS UI (quick type bar or when tapping the password key icon on top of the keyboard). does that mean the remove operation fail? but our log indicate that the removeCredentialIdentities completion closure succeed without error. and for the ASPasskeyCredentialIdentity initialization, we fill in the parameters from the same object, so we believe the id parameter shall be the same (which identify the same ASPasskeyCredentialIdentity to be saved and removed) what could be the reason that it is still showing up in the OS UI? is this a know issue?

Hey there I'm facing problem with create passkey .pkpass, the problem is I've to create a passkey using certificate created by macOS then upload on the appstore then import to the key chain then I can create a .pkpass but I wanna create it in my Django server for my customers when ever customer create their digital business card. when I created in my another MacBook where that certificate not imported the .pkpass is not going to create, and if I create it on any way it is not going to open. please help me how I can create it for my each customer on server dynamically.

Apple's passkeys page at - https://developer.apple.com/passkeys/ now says - Passkeys can now be synced using external providers What is that supposed to mean and how it can be implemented? Are there any APIs provided by the iOS SDK for the same?

We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill. During this process, we have a few doubts and queries: First, we have configured the AutoFill extension for external passkey management Next we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation We are facing an issue on creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure if we need to create the attestationObject [if so any documentation or help regarding this] or is there any API to get the attestationObject which we are missing. override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) { let request = registrationRequest as! ASPasskeyCredentialRequest let passkeyRegistration = ASPasskeyRegistrationCredential(relyingParty: request.credentialIdentity.serviceIdentifier.identifier, clientDataHash: request.clientDataHash, credentialID: Data(UUID().uuidString.utf8), attestationObject: "????") extensionContext.completeRegistrationRequest(using: passkeyRegistration) } Even we have tried passing the hardcoded attestationObject[we used the existing attestationObject received using icloud keychain] , still we got empty ‘ClientDataJSON’ on ‘authorizationController(controller:’ delegate.

For MacOS user accounts, can Passkey be used to login to desktop systems (i.e systems wo biometrics authentication; iMac, Mac mini, Studio, Pro ) accounts? If not available, is this part of the future roadmap?

in https://developer.apple.com/passkeys/ "What’s new", it mentions "Password manager apps can save and offer passkeys on iOS, iPadOS, and macOS." Does it means Apple provide api for developer to do that?

How do I sign into icloud with the new passkey for the apple ID that came with iOS 17?

Hey Folks, I'm currently building an SDK that will manage the creation and authentication of the passkeys for my users, and this SDK can be integrated on 3rd party apps that are out of my direct control. The scenario of when this SDK will be used is like when you have an app that you can link your account with LinkedIn, to get some info about you there and need to log in with your Linkedin account. So, the app itself that is consuming the SDK can have a passkey, and this "link account" feature (SDK) will also manage its passkey creation and authentication. Based on this I have a couple of questions: Can I grant only grant the associated domains/webcredentials entitlements to my SDK, such that the SDK is the only part allowed to create or access my passkeys but the app that consumes that SDK can only call the functionality exposed by the SDK, and not directly have the privileges to create and access my passkeys nor my iCloud Keychain? If 1 is not possible, what other options do I have? I imagine that if I give to access these 3rd party apps that consume my SDK to my associated domain webcredentials, I also will give them permission to them, to create passkeys in my name, using my RPID, and this is a really insecure scenario, so a no go. May you folks help me to understand the best course of action in this scenario? Thanks!

The WWDC23 video on deploying passkeys at Work (https://developer.apple.com/videos/play/wwdc2023/10263/?time=633) talks about a Corporate CA Server signing the Identity Certificate for the passkey, which can be further used during registration with the relying party. Where can I find more information on what protocol and specification this Corporate CA should follow here ? Is this based on protocols such as SCEP/ ACME (or) something else ? Also, where I can find information on what verification this Corporate Server can follow before signing that Identity Cert?

I took notes during the "Deploy passkeys at work" session. If interested, please see the attached "Notes from session": Notes from session For the session video, please see the following link: https://developer.apple.com/wwdc23/10263