"No credentials found" when using `ASAuthorizationSecurityKeyPublicKeyCredentialProvider`

I've been trying to use `ASAuthorizationSecurityKeyPublicKeyCredentialProvider` to implement WebAuthn for physical security keys. The API seems simple enough, yet for some reason I get a message saying "no credentials found for this app on this security key" which is... not how FIDO2 WebAuthn keys work, I don't think?

If I open the website in Safari, the same key works fine with browser-based WebAuthn, which brings up the exact same native UI for using the key, except without the strange error at the end.

I've triple-checked that the relying party ID is correct (and it is finding the apple-app-site-association file on the server). If that were wrong the entire passkey flow wouldn't even open.

Is there something I might be missing here? Something not configured right on the phone I'm using to test, perhaps?

Accepted Answer

It depends on whether the credential on the security key is "resident"/"discoverable" (both mean the same thing) or not. A discoverable credential is one that is actually stored on the hardware security key itself, and is the most modern form of security key credential. Prior to discoverable credentials, all security key credentials were non-discoverable and were derived from the allow list rather than stored directly on the hardware device.

Based on your description of the issue, it's likely that your credential is non-discoverable. Because non-discoverable credentials are derived from the allow list, you must set the `allowedCredentials` property of the `ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequest`.
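The following is an added example, not code from the original answer or from Apple: it builds the assertion request with `allowedCredentials` populated from the credential IDs the server returns for the account. The function names, the error type, and the assumption that the server sends IDs as base64url strings (the usual WebAuthn JSON encoding) are hypothetical.

```swift
import AuthenticationServices
import Foundation

typealias Descriptor = ASAuthorizationSecurityKeyPublicKeyCredentialDescriptor

enum AllowListError: Error { case noUsableCredentialIDs }

// Decode base64url (no padding, "-" and "_" alphabet) into raw bytes.
func decodeBase64URL(_ text: String) -> Data? {
    var b64 = text.replacingOccurrences(of: "-", with: "+")
                  .replacingOccurrences(of: "_", with: "/")
    let remainder = b64.count % 4
    if remainder == 1 { return nil }            // never a valid length
    if remainder > 0 { b64 += String(repeating: "=", count: 4 - remainder) }
    return Data(base64Encoded: b64)
}

// Build an assertion request that works for non-discoverable credentials.
// allowedCredentialIDs: the IDs registered for this user, as sent by the
// relying party's server alongside the challenge (assumed base64url).
func makeSecurityKeyAssertionRequest(
    relyingPartyID: String,
    challenge: Data,
    allowedCredentialIDs: [String]
) throws -> ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequest {
    let descriptors = allowedCredentialIDs.compactMap { id -> Descriptor? in
        guard let raw = decodeBase64URL(id), !raw.isEmpty else { return nil }
        return Descriptor(credentialID: raw,
                          transports: Descriptor.Transport.allSupported)
    }
    // An empty allow list limits the key to discoverable credentials, which
    // is the "no credentials found" case in the question, so fail early.
    guard !descriptors.isEmpty else { throw AllowListError.noUsableCredentialIDs }

    let provider = ASAuthorizationSecurityKeyPublicKeyCredentialProvider(
        relyingPartyIdentifier: relyingPartyID)
    let request = provider.createCredentialAssertionRequest(challenge: challenge)
    request.allowedCredentials = descriptors
    return request
}
```

Pass the returned request to `ASAuthorizationController(authorizationRequests:)` and call `performRequests()` as in the existing flow.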
