Inquiry on Automatic Passkey Upgrades in iOS 26

Privacy & Security General
hissummer OP
Created Aug ’25
Replies 1
Boosts 0
Views 419
Participants 2

Hi everyone,

I’m working on adapting our app to iOS 26’s new passkey feature, specifically Automatic Passkey Upgrades. https://developer.apple.com/videos/play/wwdc2025/279/

Our app already supports passkey registration and authentication, which have been running reliably in production. We’d like to extend passkey coverage to more users.

According to the WWDC session, adding the parameter requestStyle: .conditional to createCredentialRegistrationRequest should allow the system to seamlessly upgrade an account with a passkey. However, in my testing, I consistently receive the following error:

Error | Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1001 "(null)"

Test environment:

  • Xcode 26.0 beta 4 (17A5285i)
  • iPhone 11 running iOS 26.0 (23A5297n)

Questions:

  1. Is the Automatic Passkey Upgrades feature currently available in iOS 26?
  2. I understand that the system may perform internal checks and not all upgrade attempts will succeed. However, during development, is there a way to obtain more diagnostic information? At the moment, it’s unclear whether the failure is due to internal validation or an issue with my code or environment.

Thanks.

Replies  1
Boosts  0
Views  419
Participants  2
Rodrigue2g OP
1w

Hi,

I have the same issue as well, with everything running on version 26.0 (MacOS, Xcode & iOS).

When testing from an app built in swift,

try await credentialUpdater.reportAllAcceptedPublicKeyCredentials(
  relyingPartyIdentifier:"example.com",
  userHandle: "user-id",
  acceptedCredentialIDs: []
)

returns the following error: com.apple.AuthenticationServices.AuthorizationError error 1004. I tried with both the userHandle (user id) encoded in Base64url or not encoded and it always returned the same error.

I also then tried to call this with the webAPI on Safari 26.0 or Chrome 140(.0.7339.133):

if(PublicKeyCredential.signalAllAcceptedCredentials) {
  await PublicKeyCredential.signalAllAcceptedCredentials({
    rpId: "example.com",
    userId: "M2YPl-KGnA8", // base64url-encoded user ID
    allAcceptedCredentialIds: [
      // A list of base64url-encoded credential IDs
      "vI0qOggiE3OT01ZRWBYz5l4MEgU0c7PmAA",
      // …
    ],
  });
}

On safari the Promise never resolves and on chrome, it does resolve but still doesn't remove any credential.

This leads me to think that there might be an issue with the internal API from Apple.

Thank you in advance to anyone who has more informations about this.

0
Inquiry on Automatic Passkey Upgrades in iOS 26
First post date Last post date
 
 
Q