I want to implement webauthn using WKWebView for my mac application. I want to host the asaa file in the rpid. Below are my site configuration -
Main domain - example.com
Subdomain which has the sign-in view and where webauthn kicks in - signin.example.com
RPID - example.com
Where shall i host the asaa file at domain(example.com) or subdomain(signin.example.com)?
Thanks for your post
I recommend that you review the application links configuration and rules from the troubleshooting guide.
You’ll find this about domain and subdomains:
Make sure your domains and AASA file paths match. To match a root domain and all subdomains with a wildcard, an AASA file should be hosted at:
https://example.com/.well-known/apple-app-site-association
This will only work with the root domain of applinks:example.com and subdomains that are matched with the wildcard applinks:*.example.com. This will not work with specific subdomains like applinks:www.example.com or applinks:foo.example.com.
To match a specific subdomain, an AASA file should be hosted at:
https://www.example.com/.well-known/apple-app-site-association
This will only work with applinks:www.example.com. Each specific subdomain in your applinks should have its own matching AASA file path.
Based on the information provided, you will need to host two AASA file paths for the domain and the subdomain.
I hope this information is helpful. Please do not hesitate to contact me if you have any questions after reviewing the guide.
Albert Pascual Worldwide Developer Relations.
Thanks Albert for the reply. I have concern. I will use webcredentials not applink. It is required for showing the passkey dialog while performing webauthn. Do i still need to add the asaa in both my domain and subdomain?
Thank you for your response and follow-up. Based on the documentation. Web credentials are also managed by the application links within the same domain. Please refer to the following AASA file, where the domain handles web credentials: https://developer.apple.com/documentation/xcode/supporting-associated-domains#Add-the-associated-domain-file-to-your-website
For each subdomain, an AASA file is required. Therefore, I recommend using the same domain with examples.com/login or examples.com/apps instead of using login.example.com, as login.example.com is a distinct subdomain with potentially a different IP address, necessitating a separate AASA file.
I hope this clarifies the situation. Interested in your workflow.
Note: Additionally, please be aware that the AppID remains constant across all AASA files, if you want. The same app can process an unlimited number of AASA files, provided that they are listed in the AASA file.
Albert Pascual Worldwide Developer Relations.