UAF iOS sourceApplication parameter

Skip to first unread message

Adric Lloyd

Jul 11, 2021, 8:18:05 PM7/11/21
to FIDO Dev (fido-dev)
My question is regarding the FIDO UAF iOS conformance tool v1.6.1

The specification indicates that one should look at the passed sourceApplication when receiving a URL in the x-callback-url format.

For FIDO UAF Clients, the custom URL scheme handler entrypoint is the openURL() function:

(BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation
Here, the URL above is received via the url parameter. For security considerations, the sourceApplication parameter contains the iOS bundle ID of the relying party application. This bundle ID must be used to verify the application FacetID.

iOS no longer provides the sourceApplication value if the sending application does not originate from the same development team (

The conformance tool seems to expect this value to be passed by the conformance tool in order to pass the tests but this has not been possible. Hardcoding the conformance tool's bundleID has allowed me to pass these tests but this is presumably not a viable option for actual conformance testing.

Can anyone advise on the correct course of action here?


Adric Lloyd

Ackermann Yuriy

Jul 12, 2021, 2:36:41 AM7/12/21
to Adric Lloyd, FIDO Dev (fido-dev)
in sceneDelegate, scene openURLContexts handler, you extract callers application via accessing first url context. Here is the code sample:

class SceneDelegate: UIResponder, UIWindowSceneDelegate {
    func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
        if let urlContext = URLContexts.first {
            let sourceApplication = urlContext.options.sourceApplication

Yuriy Ackermann
FIDO, Identity, Standards
skype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand

You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit
Message has been deleted

Adric Lloyd

Jul 13, 2021, 2:02:39 AM7/13/21
to FIDO Dev (fido-dev), Ackermann Yuriy, FIDO Dev (fido-dev), Adric Lloyd

Hi Yuri

Thanks for  the information, I've implemented this as you suggested and while the code gets hit I still get nil for the source application from the conformance tool. Ive attached the printout data below.

func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
        if let urlContext = URLContexts.first {
            let sourceApplication = urlContext.options.sourceApplication

(lldb) po URLContexts
▿ 1 element
  - 0 : <UIOpenURLContext: 0x2833f6080; URL: FidoUAFClient1://x-callback-url/UAF_OPERATION?x-success=FIDOConformaceToolsIonic://x-callback-url/UAF_OPERATION_RESULT&json=ewogICJjaGFubmVsQmluZGluZ3MiIDogIntcbiAgXCJzZXJ2ZXJFbmRQb2ludFwiIDogbnVsbCxcbiAgXCJjaWRfcHVia2V5XCIgOiBudWxsLFxuICBcInRsc1NlcnZlckNlcnRpZmljYXRlXCIgOiBudWxsLFxuICBcInRsc1VuaXF1ZVwiIDogbnVsbFxufSIsCiAgIm1lc3NhZ2UiIDogIntcbiAgXCJ1YWZQcm90b2NvbE1lc3NhZ2VcIiA6IFwiW3tcXFwiaGVhZGVyXFxcIjp7XFxcInVwdlxcXCI6e1xcXCJtYWpvclxcXCI6MSxcXFwibWlub3JcXFwiOjF9LFxcXCJvcFxcXCI6XFxcIlJlZ1xcXCIsXFxcImFwcElEXFxcIjpcXFwiXFxcIn0sXFxcImNoYWxsZW5nZVxcXCI6XFxcIkg5aVc5eUE5YUFYRl9sZWxRb2lfRGhVazUxNEFkOFRxdjB6Q25DcUtEcG9cXFwiLFxcXCJ1c2VybmFtZVxcXCI6XFxcImhlbGxvQHRlc3QuY29tXFxcIixcXFwicG9saWN5XFxcIjp7XFxcImFjY2VwdGVkXFxcIjpbW3tcXFwiYWFpZFxcXCI6W1xcXCIwMDQxIzEwMDRcXFwiXX1dXX19XVwiXG59Igp9&key=O1Dhfh4zPYrVMkAadLOjcH-Zw-i5nCwQxAkXnyhoiWY&state=7BFB0358814B43829530D7E87098D2C2; options: <UISceneOpenURLOptions: 0x2826817c0; sourceApp: (null); annotation: (null); openInPlace: NO; _eventAttribution: (null)>>

(lldb) po sourceApplication


Any idea what might be happening?


Adric Lloyd

Alban Çopja

Jul 28, 2021, 5:21:30 AM7/28/21
to FIDO Dev (fido-dev),, Ackermann Yuriy, FIDO Dev (fido-dev)
I did report the page includes due to my personal id issue veryfications
Reply all
Reply to author
0 new messages