How to Hide the "Save to Another Device" Option During Passkey Registration?

Privacy & Security General
Maken OP
Created 3w
Replies 1
Boosts 0
Views 247
Participants 1

I'm working on integrating Passkey functionality into my iOS app (targeting iOS 16.0+), and I'm facing an issue where the system dialog still shows the "Save to another device" option during Passkey registration. I want to hide this option to force users to create Passkeys only on the current device.

1. My Current Registration Implementation

Here’s the code I’m using to create a Passkey registration request. I’ve tried to use ASAuthorizationPlatformPublicKeyCredentialProvider (which is supposed to target platform authenticators like Face ID/Touch ID), but the "Save to another device" option still appears:

`// Initialize provider for platform authenticators let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: domain)

// Create registration request
let registrationRequest = provider.createCredentialRegistrationRequest(
    challenge: challenge,
    name: username,
    userID: userId
)

// Optional configurations (tried these but no effect on "another device" option)
registrationRequest.displayName = "Test Device"
registrationRequest.userVerificationPreference = .required
registrationRequest.attestationPreference = .none

// Set up authorization controller
let authController = ASAuthorizationController(authorizationRequests: [registrationRequest])
let delegate = PasskeyRegistrationDelegate(completion: completion)
authController.delegate = delegate

// Trigger the registration flow
authController.performRequests(options: .preferImmediatelyAvailableCredentials)`

2. Observation from Authentication Flow (Working as Expected)

During the Passkey authentication flow (not registration), I can successfully hide the "Use another device" option by specifying allowedCredentials in the ASAuthorizationPlatformPublicKeyCredentialAssertionRequest. Here’s a simplified example of that working code:

        let assertionRequest = provider.createCredentialAssertionRequest(challenge: challenge)
assertionRequest.allowedCredentials = allowedCredentials

After adding allowedCredentials, the system dialog no longer shows cross-device options—this is exactly the behavior I want for registration.

3. My Questions

  • Is there a similar parameter to allowedCredentials (from authentication) that I can use during registration to hide the "Save to another device" option?
  • Did I miss any configuration in the registration request (e.g., authenticatorAttachment or other properties) that forces the flow to use only the current device’s platform authenticator?
  • Are there any system-level constraints or WebAuthn standards I’m overlooking that cause the "Save to another device" option to persist during registration?

Any insights or code examples would be greatly appreciated!

Replies  1
Boosts  0
Views  247
Participants  1
Maken OP
3w

Update: Context on Use

Case I’m integrating Passkey into a financial-related app, where security and risk mitigation are top priorities. For compliance and anti-fraud reasons, we want to strictly restrict Passkey creation and usage to the current device only.

The earlier observation (that allowedCredentials works for authentication) gives us hope, but we still haven’t found a way to achieve the same restriction for registration.

Any insights tailored to financial app security requirements would be especially valuable.

1
How to Hide the "Save to Another Device" Option During Passkey Registration?
First post date Last post date
 
 
Q