ASCredentialIdentityStore.removeCredentialIdentities does NOT remove the credential as expected

Question

what could be the reason that we after saving and deleting the same list of [ASPasskeyCredentialIdentity], the credential still show up in the OS UI (quick type bar or when tapping the password key icon on top of the keyboard).

does that mean the remove operation fail? but our log indicate that the removeCredentialIdentities completion closure succeed without error.

and for the ASPasskeyCredentialIdentity initialization, we fill in the parameters from the same object, so we believe the id parameter shall be the same (which identify the same ASPasskeyCredentialIdentity to be saved and removed)

what could be the reason that it is still showing up in the OS UI? is this a know issue?

801

Posted by

zhisliu

Reply

Add a Comment

Answer 1

I have even compared the relyingPartyIdentifier, userName, credentialID, userHandle and recordIdentifier at add time vs remove time, string by string and byte by byte, they look exactly the same yet somehow the removeCredentialIdentities still could not delete the right passkey from the storage. wonder if this is a bug of ASCredentialIdentityStore

Posted by

zhisliu

Add a Comment

Answer 2

below is the code I used to remove the passkey. the log indicate the "Delete result: true, error: nil". and the ASPasskeyCredentialIdentity initialization parameters are exactly the same as those I used at passkey add time (validated through Xcode debugger). yet the passkey can still been seen in the store (shown in quickType Bar as one of the credential option)

        let removePasskey = ASPasskeyCredentialIdentity(relyingPartyIdentifier: passkey.rpId,
                                                        userName: passkey.username,
                                                        credentialID: passkey.keyId,
                                                        userHandle: passkey.userHandle,
                                                        recordIdentifier: passkey.coreDataId)
        
        let store = ASCredentialIdentityStore.shared
        store.getState { state in
            if state.isEnabled {
                ASCredentialIdentityStore.shared.removeCredentialIdentities([removePasskey]) {
                    success, error in
                    print("Delete result: \(success), error: \(error)")
                }
            }
        }

Posted by

zhisliu

Add a Comment

Answer 3

in our latest testing, we found that the ASCredentialIdentityStore.shared.removeCredentialIdentities API works as expected for ASPasswordCredentialIdentity, but fail to remove ASPasskeyCredentialIdentity. and we make sure to use the same set of passkey initialization parameters during testing, so the it cannot be passkey identification issue.

The ASCredentialIdentityStore.shared.removeCredentialIdentities must have some bug when removing ASPasskeyCredentialIdentity. could you take a look into this please? or is there any other way that I can draw Apple's attention to fix this?

Posted by

zhisliu

Add a Comment

Answer 4

I have the same issue.

Posted by

Jafar96

Add a Comment

Answer 5

For me, it works when call it from the extension but not when called from the host app.

Posted by

Jafar96

for me I fail both, from my understanding, the API should work in both as host app should be able to manage the passkey in app.

—
zhisliu

Add a Comment

Answer 6

This is a known issue in 17.0.

Posted by

garrett-davidson

Tested that on iOS 17.1 (21B5045h), issue still persisted. could you ping me when a OS version with the fix come out? thanks

—
zhisliu

Add a Comment

Answer 7

This should be fixed in iOS 17.1 beta 2.

Posted by

garrett-davidson

Add a Comment

ASCredentialIdentityStore.removeCredentialIdentities does NOT remove the credential as expected

Replies