Does the passkey created using third party provider model get synced to iCloud Keychain?

Does the passkey created using third party provider model get synced to iCloud Keychain? If yes, can we avoid that using the attestation object somehow to have it tied to the device where it was created? Being new to this domain, I am not sure if I am asking the right question.

It’s not mandatory to use iCloud Keychain for sync. It’s up to each third-party passkey provider to decide how they will securely create (based on WebAuthn Authenticator Model spec), persist, and optionally sync passkeys.

Apple have intentionally left the implementation details up to the passkey provider, to allow for flexibility.

Hey @letsbondiway1986,

The UX flow would be pretty much the same as creating a passkey with iCloud Keychain, but for a third-party provider/passkey manager some additions to that flow might be:

  1. Presenting a screen to unlock the password/passkeys database via biometrics (Face/Touch ID).
  2. Presenting a screen to allow the user to select which vault to save the passkey to (if your app supports vaults).

You can implement the passkeys creation and auth flows using the newly added extensions on ASCredentialProviderViewController:

https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller

Hi @codecomet. As per the answer here, bits 3-5 which pertain to backup eligibility and backup state need to be set to 1 for it to work on iOS. In that case, does the passkey generated using the credential provider extension get synced to a different iPhone/iOS device via iCloud Keychain for the same Apple ID?
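
Added example, not part of any post in this thread and not Apple's or any provider's code: how a relying party can read the backup eligibility (BE) and backup state (BS) flags from WebAuthn authenticator data and classify a credential as device-bound or syncable. The flag positions follow the WebAuthn Level 3 authenticator data layout; the function names, the `example.com` RP ID and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Flag bit masks in the authenticator data flags byte (WebAuthn Level 3).
UP, UV, BE, BS, AT, ED = 0x01, 0x04, 0x08, 0x10, 0x40, 0x80


def parse_auth_data(auth_data: bytes) -> dict:
    """Decode the fixed 37-byte header: rpIdHash (32) | flags (1) | signCount (4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & UP),
        "user_verified": bool(flags & UV),
        "backup_eligible": bool(flags & BE),
        "backed_up": bool(flags & BS),
        "sign_count": sign_count,
    }


def backup_policy(auth_data: bytes, rp_id: str, stored_be=None) -> str:
    """Classify a credential as 'device-bound', 'syncable' or 'synced'.

    stored_be is the BE value recorded at registration (None while registering).
    """
    parsed = parse_auth_data(auth_data)
    if parsed["rp_id_hash"] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    be, bs = parsed["backup_eligible"], parsed["backed_up"]
    if bs and not be:
        raise ValueError("BS set without BE is an invalid flag combination")
    if stored_be is not None and stored_be != be:
        raise ValueError("BE changed since registration")
    if not be:
        return "device-bound"
    return "synced" if bs else "syncable"


def sample(flags: int, rp_id: str = "example.com") -> bytes:
    """Constructed authenticator data header for the demo (not a real capture)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 0)


if __name__ == "__main__":
    for f in (UP | UV, UP | UV | BE, UP | UV | BE | BS):
        print(f"{f:#04x}", backup_policy(sample(f), "example.com"))
```

The flags are reported by the authenticator or passkey provider itself, so this check tells the relying party what the provider claims about backup, not where the key material actually resides.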
