iOS Credential Provider Extension Not Offered When Creating Passkeys

I'm developing an iOS app that contains a Credential Provider Extension, and I want it to support passkeys. I've set the ProvidesPasskeys key to YES in the Info.plist of the extension, and in the CredentialProviderViewController I've implemented:

func prepareCredentialList(
    for serviceIdentifiers: [ASCredentialServiceIdentifier]
)

func provideCredentialWithoutUserInteraction(
    for credentialRequest: ASCredentialRequest
)

func prepareInterfaceToProvideCredential(
    for credentialRequest: ASCredentialRequest
)

func prepareInterface(
    forPasskeyRegistration registrationRequest: ASCredentialRequest
)

Standard password autofill suggestions that I have added to the system store are presented to me when I arrive to the corresponding login page, and the autofill flow succeeds via my extension. When I attempt to create a new passkey on my iPhone, whether it be in Safari on a website that supports passkeys (e.g. google.com) or within a native app that supports the creation of passkeys (e.g. PayPal), I am not given the option to create a passkey using my extension. The only option that is provided to me is the builtin Keychain option. On the "Settings->Passwords->Password Options" page I have "AutoFill Passwords and Passkeys" switch on and in the section titled "USE PASSWORDS AND PASSKEYS FROM:". I have selected both my app and "iCloud Passwords & Keychain". If I uncheck "iCloud Passwords & Keychain" and then attempt to create a passkey then I am shown a system sheet which tells me to go to the settings page to "choose how to manage passkeys".

Any ideas on how to troubleshoot this situation?

Thanks very much!

-Jeremy

Up vote post of jeremy.a.bannister Down vote post of jeremy.a.bannister
608 views
Posted by
jeremy.a.bannister
Reply
Add a Comment

Accepted Reply

The symptoms you're describing sound like ProvidesPasskeys may not be set correctly. Can you double check that you've set in the right place and there are no typos? Info.plist > NSExtension > NSExtensionAttributes > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES

While you're there, make sure you're also setting ProvidesPasswords = YES to ensure your credential provider works as expected on all platforms.

Posted by
garrett-davidson
Up vote reply of garrett-davidson Down vote reply of garrett-davidson
Post marked as solved
Add a Comment

Replies

The symptoms you're describing sound like ProvidesPasskeys may not be set correctly. Can you double check that you've set in the right place and there are no typos? Info.plist > NSExtension > NSExtensionAttributes > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES

While you're there, make sure you're also setting ProvidesPasswords = YES to ensure your credential provider works as expected on all platforms.

Posted by
garrett-davidson
Up vote reply of garrett-davidson Down vote reply of garrett-davidson
Post marked as solved
Add a Comment

You are exactly right, thank you! Evidently I was not careful enough when comparing the working Mac extension to the not-working iOS extension - in the iOS Info.plist I was using NSExtension > ASCredentialProviderExtensionCapabilities > ProvidesPasskeys = YES. Now the system offers my extension when creating passkeys.

Now my iOS extension is suffering the same problem as my Mac extension, so if you have a chance to lend a helping hand on that one I would be hugely appreciative.

Posted by
jeremy.a.bannister
Up vote reply of jeremy.a.bannister Down vote reply of jeremy.a.bannister
Add a Comment

I have some issue for PassKey

Question:

  1. Any recommendations on the crypto library for generating passkeys?
  2. when the passkeys have been generated, how do we pass it back to the system?

Thank you.

Posted by
jaydip_finava
Up vote reply of jaydip_finava Down vote reply of jaydip_finava
Add a Comment

I'm getting this error

Posted by
jaydip_finava
Up vote reply of jaydip_finava Down vote reply of jaydip_finava
Add a Comment

SUB: Passkey registration failing while implementing a third party passkeys manager

We are implementing a 3rd party Passkeys Manager app for ios. In the ios app in the CredentialProviderViewController I've implemented:

func prepareCredentialList(
    for serviceIdentifiers: [ASCredentialServiceIdentifier]
)

func provideCredentialWithoutUserInteraction(
    for credentialRequest: ASCredentialRequest
)

func prepareInterfaceToProvideCredential(
    for credentialRequest: ASCredentialRequest
)

func prepareInterface(
    forPasskeyRegistration registrationRequest: ASCredentialRequest
)

When testing on webpages like webauthn.io and webauthn.me , our app shows up as one of the options for creating a passkey.

We are getting the calls in prepareInterface() and handling it as advised here https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/4172626-prepareinterface/

However the registration is failing. I understand that in this function, we need to create a passkey using a crypto library and then call completeRegistrationRequest(using:completionHandler:)

The documentation on this is scant so it is hard to debug for this reason. Need help fixing this issue. What could we be missing? Is there any sample code for overriding these functions? Any recommendations on the crypto library for generating passkeys When the passkeys have been generated, how do we pass it back to the system?

Posted by
jaydip_finava
Up vote reply of jaydip_finava Down vote reply of jaydip_finava
Add a Comment