about iOS17 passKey

I have many questions about iOS passkey. I'm using my app extension to implement something similar to an iCloud passkey authenticator. I securely store my self-generated keys in the Secure Enclave (SE). I'd like to know how to make the extension execute the prepareInterfaceToProvideCredentialForRequest method instead of provideCredentialWithoutUserInteractionForIdentity. I need to display a UI to obtain my key. Please provide assistance. Thank you.

Accepted Reply

You can return ASExtensionErrorCodeUserInteractionRequired in order to indicate that you need to present UI. There are more details in the header comments.

Also note that passkeys sync, by definition. Keys that are bound to the Secure Enclave of a single device aren't passkeys, and can't be used by the passkey provider API.

  • Thank you for your reply. I have another question. When a web page auto-fills with "Use the xx passphrase to log in to webauthn.io," there's a button below it. Clicking on that button triggers which proxy method, and what would be the recommended way to handle this method?

  • I think the button you're talking about is controlled by prepareCredentialListForServiceIdentifiers:requestParameters:.

  • I added a print statement in there, but I noticed that clicking the button didn't trigger this method. Is there any special configuration required to execute this method?
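The flow described in the accepted reply, as an added example that is not part of the original thread or Apple's sample code: the silent callback declines with `ASExtensionErrorCodeUserInteractionRequired` (`ASExtensionError.userInteractionRequired` in Swift), after which the UI callback runs and the key is used only once the user taps. The class name, the `PasskeySigner` protocol and the `signer` property are assumptions standing in for the app's own key storage.

```swift
import AuthenticationServices
import UIKit

// Hypothetical abstraction over the app's own key storage (an assumption, not an Apple API).
protocol PasskeySigner {
    func assertion(credentialID: Data, rpID: String, clientDataHash: Data) throws
        -> (authenticatorData: Data, signature: Data)
}

// Principal class of the credential provider extension; the class name is an assumption.
final class CredentialProviderViewController: ASCredentialProviderViewController {
    var signer: PasskeySigner?                        // supplied by the app (assumption)
    private var pending: ASPasskeyCredentialRequest?  // kept between callback and tap

    private func cancel(_ code: ASExtensionError.Code) {
        extensionContext.cancelRequest(
            withError: NSError(domain: ASExtensionErrorDomain, code: code.rawValue))
    }

    // Called first, with no UI on screen. Declining with userInteractionRequired
    // tells the system to call prepareInterfaceToProvideCredential(for:) instead.
    override func provideCredentialWithoutUserInteraction(for credentialRequest: ASCredentialRequest) {
        cancel(.userInteractionRequired)
    }

    // Called when the extension's view is about to be presented.
    override func prepareInterfaceToProvideCredential(for credentialRequest: ASCredentialRequest) {
        guard let request = credentialRequest as? ASPasskeyCredentialRequest else {
            return cancel(.credentialIdentityNotFound)
        }
        pending = request
        let button = UIButton(type: .system, primaryAction: UIAction(title: "Sign in") { [weak self] _ in
            self?.approve()
        })
        button.frame = view.bounds
        button.autoresizingMask = [.flexibleWidth, .flexibleHeight]
        view.addSubview(button)
    }

    // Runs only after the user taps the button, so the key is never used silently.
    private func approve() {
        guard let request = pending, let signer,
              let id = request.credentialIdentity as? ASPasskeyCredentialIdentity,
              let out = try? signer.assertion(credentialID: id.credentialID,
                  rpID: id.relyingPartyIdentifier, clientDataHash: request.clientDataHash)
        else { return cancel(.failed) }
        extensionContext.completeAssertionRequest(using: ASPasskeyAssertionCredential(
            userHandle: id.userHandle, relyingParty: id.relyingPartyIdentifier,
            signature: out.signature, clientDataHash: request.clientDataHash,
            authenticatorData: out.authenticatorData, credentialID: id.credentialID))
    }
}
```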
