When using passkeys stored in iCloud Keychain (Passwords app) via Passkey Autofill in browsers other than Safari, the userVerification parameter is ignored and user verification (UV) is not performed.
As a result, relying party servers that require userVerification = required fail validation because the UV flag is not set, causing passkey authentication to fail.
This issue occurs when the following setting is disabled: Settings → Face ID & Passcode → Use Face ID For → Password AutoFill
The issue is reproducible only with the following combination:
- Non-Safari browsers (e.g. Chrome)
- Passkeys stored in iCloud Keychain (Passwords app)
- Passkey Autofill
The issue does not occur in the following cases:
- Safari with passkeys stored in any credential manager
- Non-Safari browsers using credential managers other than iCloud Keychain
Steps to Reproduce:
- Go to Settings → General → Autofill & Passwords, and enable the Passwords app under “Autofill From”.
- Go to Settings → Face ID & Passcode → Use Face ID For, and disable “Password AutoFill”.
- Open Chrome and navigate to https://webauthn.io
- Enter a username and tap “Register” to create a passkey using the Passwords app (iCloud Keychain).
- On webauthn.io, go to Advanced Settings → Authentication Settings, and set “User Verification” to “Required”.
- Reload the page, tap the input field, and perform Passkey Autofill.
- User Verification is not triggered, and “Authentication failed” is displayed on webauthn.io.
===
This issue has already been reported via Feedback Assistant as FB21756948. I am posting here to confirm whether this behavior is working as intended or represents a bug, and to make other developers aware of the current behavior.