Problem Saving a ASPasskeyCredentialIdentity

Privacy & Security General
craigaps OP
Created 20h
Replies 1
Boosts 0
Views 104
Participants 1

Hi

I'm developing an app that autofills Passkeys. The app allows the user to authenticate to their IdP to obtain an access token. Using the token the app fetches from <server>/attestation/options.

The app will generate a Passkey credential using a home-grown module - the extension has no involvement, neither does ASAuthorizationSecurityKeyPublicKeyCredentialProvider. I can confirm the passkey does get created.

Next the credential is posted to <server>/attestation/results with the response JSON being parsed and used to create a ASPasskeyCredentialIdentity - a sample of the response JSON is attached.

Here is my save function:

static func save(authenticator: AuthenticatorInfo) async throws {
        guard let credentialID = Data(base64URLEncoded: authenticator.attributes.credentialId) else {
            throw AuthenticatorError.invalidEncoding("Credential ID is not a valid Base64URL string.")
        }

        guard let userHandle = authenticator.userId.data(using: .utf8) else {
            throw AuthenticatorError.invalidEncoding("User handle is not a valid UTF-8 string.")
        }

        let identity = ASPasskeyCredentialIdentity(
            relyingPartyIdentifier: authenticator.attributes.rpId,
            userName: authenticator.userId, // This is what the user sees in the UI
            credentialID: credentialID,
            userHandle: userHandle,
            recordIdentifier: authenticator.id
        )
        
        try await ASCredentialIdentityStore.shared.saveCredentialIdentities([identity])
    }

Although no error occurs, I don't get any identities returned when I call this method:

let identities = await ASCredentialIdentityStore.shared.credentialIdentities(
         forService: nil,
         credentialIdentityTypes: [.passkey]
)

Here is the Info.plist in the Extension:

<plist version="1.0">
<dict>
    <key>NSExtension</key>
    <dict>
        <key>NSExtensionAttributes</key>
        <dict>
            <key>ASCredentialProviderExtensionCapabilities</key>
                <dict>
                    <key>ProvidesPasskeys</key>
                    <true/>
                </dict>
                <key>ASCredentialProviderExtensionShowsConfigurationUI</key>
                <true/>
        </dict>
        <key>NSExtensionPointIdentifier</key>
        <string>com.apple.authentication-services-credential-provider-ui</string>
        <key>NSExtensionPrincipalClass</key>
        <string>$(PRODUCT_MODULE_NAME).CredentialProviderViewController</string>
    </dict>
</dict>
</plist>

The entitlements are valid and the app and extension both support the same group.

I'm stumped as to why the identity is not getting saved. Any ideas and not getting retrieved.

attestationResult.json
Replies  1
Boosts  0
Views  104
Participants  1
craigaps OP
4h

I should also mention I'm targeting iOS 18+ and the passkey generation and save function is happening in the app not the extension. The extension is just for offering a Passkey for attestation.

0
Problem Saving a ASPasskeyCredentialIdentity
First post date Last post date
 
 
Q