WKWebView based Browser Yubikey&WebAuthn Support

TLDR: I’m searching for a possibility to allow the usage of passkeys and hardware keys for any website in a wkwebview

INFO: The browser is macOS ONLY

Hi, I couldn’t really find documentation or forums posts on how to implement Webauthn for signin or hardware security keys for a second factor. Or rather where those events are triggered to be handled. In Safari you have that popover, that lets you either authenticate through Passwords or with a security key.

When I visit webauthn.io for testing and click either register or authenticate I get

Told not to present authorization sheet: Error Domain=com.apple.AuthenticationServicesCore.AuthorizationError Code=1 "(null)"
ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)"

If I add

func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping @MainActor (URLSession.AuthChallengeDisposition, URLCredential?) -> Void)

and

func webView(_ webView: WKWebView, authenticationChallenge challenge: URLAuthenticationChallenge, shouldAllowDeprecatedTLS decisionHandler: @escaping @MainActor (Bool) -> Void)

it doesn’t seem to change anything.

I found something about the ASWebAuthenticationSessionWebBrowserSupported entitlement, but by my understanding this is used so a browser can get opened upon some other app calling a ASWebAuthenticationSession.

Has anyone some guidance for me? I feel like webauthn and yubikey support are important security measures for our users.

https://codeberg.org/miakoring/Amethyst/src/branch/main/Amethyst/Shared/ViewComponents/WebKit/WebViewModel.swift is the code for my webviewmodel. Delegates are in the Delecate folder https://codeberg.org/miakoring/Amethyst/src/branch/main/Amethyst/Shared/ViewComponents/WebKit

I'm currently looking for the very same thing. I guess you need to request the "com.apple.developer.web-browser.public-key-credential" entitlement for your App, which will then unlock the Webauthn code within WKWebView. The documentation from Apple doesn't tell much at all, unfortunately.

At least this seems to be the case on the iOS platform when you have the "com.apple.developer.web-browser" entitlement (this entitlement is iOS only).

WKWebView based Browser Yubikey&WebAuthn Support
 
 
Q