Hello all,
I have a standard sign up form on my iOS app with the typical username and password fields. I'm using SwiftUI and have marked my TextField with the correct .textContentType.
TextField("Username", text: $username)
.padding()
.background(Color(.systemGray6))
.cornerRadius(8)
.padding(.bottom, 10)
.textContentType(.username)
I created this function inside the same swift file that I use to handle my registrations and signins.
func fetchChallenge(completion: @escaping (Data?) -> Void) {
let url = URL(string: "https://www.myurl.com/api/generate_challenge.php")!
URLSession.shared.dataTask(with: url) { data, response, error in
if let data = data, error == nil {
completion(data)
} else {
completion(nil)
}
}.resume()
}
This is what this server file looks like.
<?php
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
function generate_challenge() {
$randomBytes = openssl_random_pseudo_bytes(32);
return base64_encode($randomBytes);
}
$challenge = generate_challenge();
$response = array("challenge" => $challenge);
echo json_encode($response);
?>
My first question would be, is this what the new PassKey is expecting as a challenge? It says it should be unique each time, so I'm assuming that it doesn't need to be saved to the database. Is that correct? Or would this be considered to be the public key?
Next, how can I use the examply Shiny PassKey code in SwiftUI to call my functions and use passkeys and keychain? e.g. My custom functions....
func signInWithV1(username: String, password: String)
func signUpWithV1(userName: String, password: String)
My server is a linux server running nginx. I just can't seem to find anything on how to properly do this on the server side. I'm not sure what to save to the database and how you would integrate the above functions into the authorizationController
and how to properly verifiy the let variables in the example code that I found from the Shiny Project.
If anyone has time to explain this I would be extrememly grateful! I'm assuming that I can't just use the Shiny code as is since it says that I need to Verify stuff inside the authorizationController
. As of right now, my app simply saves the username and password to my database and I do checks to ensure the username and password is how I want it on the server side and the same when they login. However, nothing is saved to the keychain or passkey as of right now.
Thanks in advance to anyone who takes the time to explain this in detail! I would be very grateful!!