iOS Credential Provider Extension Not Offered When Creating Passkeys

I'm developing an iOS app that contains a Credential Provider Extension, and I want it to support passkeys. I've set the ProvidesPasskeys key to YES in the Info.plist of the extension, and in the CredentialProviderViewController I've implemented:

func prepareCredentialList(
    for serviceIdentifiers: [ASCredentialServiceIdentifier]
)
func provideCredentialWithoutUserInteraction(
    for credentialRequest: ASCredentialRequest
)
func prepareInterfaceToProvideCredential(
    for credentialRequest: ASCredentialRequest
)
func prepareInterface(
    forPasskeyRegistration registrationRequest: ASCredentialRequest
)

Standard password autofill suggestions that I have added to the system store are presented to me when I arrive to the corresponding login page, and the autofill flow succeeds via my extension. When I attempt to create a new passkey on my iPhone, whether it be in Safari on a website that supports passkeys (e.g. google.com) or within a native app that supports the creation of passkeys (e.g. PayPal), I am not given the option to create a passkey using my extension. The only option that is provided to me is the builtin Keychain option. On the "Settings->Passwords->Password Options" page I have "AutoFill Passwords and Passkeys" switch on and in the section titled "USE PASSWORDS AND PASSKEYS FROM:". I have selected both my app and "iCloud Passwords & Keychain". If I uncheck "iCloud Passwords & Keychain" and then attempt to create a passkey then I am shown a system sheet which tells me to go to the settings page to "choose how to manage passkeys".

Any ideas on how to troubleshoot this situation?

Thanks very much!

-Jeremy

Answered by Systems Engineer in 778335022

The symptoms you're describing sound like ProvidesPasskeys may not be set correctly. Can you double check that you've set in the right place and there are no typos? Info.plist > NSExtension > NSExtensionAttributes > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES

While you're there, make sure you're also setting ProvidesPasswords = YES to ensure your credential provider works as expected on all platforms.

Accepted Answer

The symptoms you're describing sound like ProvidesPasskeys may not be set correctly. Can you double check that you've set in the right place and there are no typos? Info.plist > NSExtension > NSExtensionAttributes > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES

While you're there, make sure you're also setting ProvidesPasswords = YES to ensure your credential provider works as expected on all platforms.

You are exactly right, thank you! Evidently I was not careful enough when comparing the working Mac extension to the not-working iOS extension - in the iOS Info.plist I was using NSExtension > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES. Now the system offers my extension when creating passkeys.

Now my iOS extension is suffering the same problem as my Mac extension, so if you have a chance to lend a helping hand on that one I would be hugely appreciative.

I have some issue for PassKey

Question:

  1. Any recommendations on the crypto library for generating passkeys?
  2. when the passkeys have been generated, how do we pass it back to the system?

Thank you.

I'm getting this error

SUB: Passkey registration failing while implementing a third party passkeys manager

We are implementing a 3rd party Passkeys Manager app for ios. In the ios app in the CredentialProviderViewController I've implemented:

func prepareCredentialList(
    for serviceIdentifiers: [ASCredentialServiceIdentifier]
)
func provideCredentialWithoutUserInteraction(
    for credentialRequest: ASCredentialRequest
)
func prepareInterfaceToProvideCredential(
    for credentialRequest: ASCredentialRequest
)
func prepareInterface(
    forPasskeyRegistration registrationRequest: ASCredentialRequest
)

When testing on webpages like webauthn.io and webauthn.me , our app shows up as one of the options for creating a passkey.

We are getting the calls in prepareInterface() and handling it as advised here https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/4172626-prepareinterface/

However the registration is failing. I understand that in this function, we need to create a passkey using a crypto library and then call completeRegistrationRequest(using:completionHandler:)

The documentation on this is scant so it is hard to debug for this reason. Need help fixing this issue. What could we be missing? Is there any sample code for overriding these functions? Any recommendations on the crypto library for generating passkeys When the passkeys have been generated, how do we pass it back to the system?

iOS Credential Provider Extension Not Offered When Creating Passkeys
 
 
Q