Move beyond passwords

RSS for tag

Discuss the WWDC21 session Move beyond passwords.

View Session

Posts under wwdc21-10106 tag

13 results found
Sort by:
Post not yet marked as solved
113 Views

i want to add lock app feature, like iOS lock.

Can I add a lock screen on my iOS app? my requirement is : whenever a user opens the app, he/she need to unlock the app first then only he/she can operate the app.
Asked
by DBox.
Last updated
.
Post not yet marked as solved
294 Views

Missing credential ID after finished createCredentialAssertionRequest call

I tried to use Passkeys with our own FIDO-Server, but i encountered a problem. After the user confirmed the authenticationRequest created with createCredentialAssertionRequest you get a ASAuthorizationPlatformPublicKeyCredentialAssertion. When i send the contents of it to our sever it fails, because it doesn't known which credential public key it should use to verify the signature. The browser webauthn API returns something like this: { "id": "...", "rawId": "...", "type": "public-key", "response": { "authenticatorData": "...", "clientDataJSON": "...", "signature": "...", "userHandle": "..." } } where id is the credential id used to sign the challenge, which our FIDO-Server can use to look up the public-key in its database. With the current state of the iOS API our server would need to look up all public keys for the user and then try one by one in order to verify the signature. So my question is, am i missing something? Or is this intended behaviour?
Asked
by Freddys.
Last updated
.
Post not yet marked as solved
458 Views

fmt value is "none" on ASAuthorizationPlatformPublicKeyCredentialRegistration

When retrieving the ASAuthorizationPlatformPublicKeyCredentialRegistration, the decoded fmt value of rawAttestationObject is none instead of apple. Is this currently expected?
Asked Last updated
.
Post marked as solved
239 Views

Shiny Demo Application

In the recent Move Beyond Passwords developer video, a demo application, called 'Shiny' is shown as part of the lecture. It's stated in the transcript of the video that the source code for the demo application can be found in the related links posted with the video. However, it does not appear that such a link exists. Is this demo application source available anywhere else? If not, will it be posted at a later date? Thanks.
Asked Last updated
.
Post not yet marked as solved
230 Views

NFC Security Key Support on MacOS

It's currently possible to use a security key (ex. Yubikey 5 NFC) with an iPhone via NFC, but such functionality is seemingly not possible on any current versions of MacOS. Is support for NFC hardware authenticators (over an NFC-to-USB interface/device, such as the ACS ACR122U) planned for MacOS Monterey or any future release?
Asked Last updated
.
Post marked as solved
213 Views

ASAuthorizationController's biometric sign in modal's message missing Relying Party name

Hi, I've been recently testing the new WebAuthn support in ASAuthorizationController. I've noticed a small UI inconvenience in my app. The biometric modal displayed on assert request shows: Do you want to sign to "" as "marcin"? or Choose an account to sign in to "". when having more than one key enrolled. Looks like the relyingPartyIdentifier is not used. Is there any other property I should set to ensure the message contains the right service identifier? Many thanks!
Asked
by marcin_.
Last updated
.
Post not yet marked as solved
313 Views

Unable to complete associated domain check

Hi, When attempting to perform a credential registration, I constantly get the error Application with identifier <...> is not associated with domain <domain> I've verified the following: The file is present on the required URL path https://123.com/.well-known/apple-app-site-association { "webcredentials": { "apps": [ "<PREFIX>.bundleID" ] } } Added the Capabilities to my domain Confirmed that the CA is valid and there are no redirects. Am I missing something? My device is able to properly access the file
Asked Last updated
.
Post not yet marked as solved
204 Views

Enablement of Passkeys/WebAuthn API in iOS 15

Hi, Currently, Passkeys/WebAuthn API is behind a feature toggle. In iOS, turn on the Syncing Platform Authenticator switch under Settings > Developer. The Developer menu is available on your device when you set it up as a development device in Xcode. Is this API going to be enabled by default in the official iOS 15 release?
Asked
by marcin_.
Last updated
.
Post not yet marked as solved
189 Views

ASAuthorizationController assert request with "webauth.create" type

Hi, I'm playing with the new improvements to the ASAuthorizationController allowing to leverage WebAuthn API (e.g. ASAuthorizationPlatformPublicKeyCredentialRegistration and ASAuthorizationPlatformPublicKeyCredentialAssertion). I've spotted an odd behaviour when validating assert requests. Here is a small snippet of what's happening in my app: // requesting assertion         let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(             relyingPartyIdentifier: response.rp.id         )         let assertionRequest = publicKeyCredentialProvider.createCredentialAssertionRequest(challenge: response.challenge) ... // in delegate `assertRequest` is being sent to the server             let assertRequest = AssertRequest(                 user: user,                 signature: credentialAssertion.signature,                 authData: credentialAssertion.rawAuthenticatorData,                 clientData: credentialAssertion.rawClientDataJSON,                 userId: credentialAssertion.userID             ) According to "5.1.4 Use an Existing Credential to Make an Assertion - PublicKeyCredential’s [[Get]] Method" of the WebAuthn spec, the ClientData field should contain type "webauthn.get", but looks it always has "webauthn.create" value and fails my validation. Has anyone else experienced similar issue? I was testing my app on the latest Xcode 13 beta2 and running the app on iOS 15 beta2.
Asked
by marcin_.
Last updated
.
Post marked as solved
277 Views

Attestation format "apple"

Hi all, When registering a WebAuthn credential using FaceID, in the fmt field of the returned AuthenticatorAttestationResponse.attestationObject, (as per section 8 (Defined Attestation Statement Formats) of the WebAuthn standards), has a value of "apple". This is not registered in the IANA database (https://www.iana.org/assignments/webauthn/webauthn.xhtml), nor can I find a spec for this attestation format. Could anyone direct me to the spec? Thanks, Q
Asked Last updated
.
Post marked as solved
308 Views

Error enabling Syncing Platform Authenticator in Settings

Hi, When trying to enable this through Settings -> Developer, the Switch constantly turns back Off once leaving and returning to the page. Attempting to use the Platform authenticator according to the steps here Leads to the error: The operation couldn't be completed. Syncing platform authenticator must be enabled to register a platform public key credential; this can be enabled in Settings > Developer.
Asked Last updated
.
Post not yet marked as solved
437 Views

Notes from Move Beyond Passwords (Wednesday, June 9th 2021)

I took notes during the "Move Beyond Passwords" session. If interested, please see the attached "Notes from session": Notes from session For the session video, please see the following link: https://developer.apple.com/wwdc21/10106
Asked
by rtrouton.
Last updated
.