iOS passkey provider help

199 views
Skip to first unread message

David Pettey

unread,
Jan 20, 2024, 9:22:05 PMJan 20
to FIDO Dev (fido-dev)
Hi all, I currently have passkey registration and authorization working correctly on webauthn.io 

If I attempt to create/verify keys on the other test sites (https://passkeys.dev/docs/demos-examples/demos/), however, it creates the key but fails on the verification portion with a non specific error. If I attempt to create a passkey for google it fails on creation...

Is there a difference between the information needed between specific sites in order to get consistent results? 

I've also seen https://developer.apple.com/forums/thread/737313?answerId=764473022#764473022 saying that google expects the CBOR to be mapped in a specific order.. Is there any documentation to get the CBOR to map correctly?

And is this required for the demo sites as well?

Adam Langley

unread,
Jan 24, 2024, 9:21:48 AMJan 24
to FIDO Dev (fido-dev), David Pettey
All CBOR is this context is required to conform to the encoding rules. The level of strictness of sites varies, but if you follow the rules then you can exclude this as a possible source of the issues.


Cheers

AGL

David Pettey

unread,
Jan 24, 2024, 4:40:49 PMJan 24
to FIDO Dev (fido-dev), Adam Langley, David Pettey
Is there anything specific about the level of strictness between sites that I can test for? 

For instance my code works on https://passkey.org/ perfectly

However, I can create a key on https://github.com/ but the verification is failing. I'm fairly confident I'm following the specs correctly. So why would my code work on some sites and not others. I'm on iOS, I know there have been some differences with the flags required, could that be a cause?

David Pettey

unread,
Feb 1, 2024, 9:49:42 AMFeb 1
to FIDO Dev (fido-dev), David Pettey, Adam Langley
Hey guys, so I've been able to track down the specific problem here.

It looks like the userHandle is supposed to be a user Id which is given to me by the client. 
However, on iOS during registration I only have access to the 

ASPasskeyCredentialRequest.credentialIdentity.user

Does anyone know how we're supposed to get the userHandle on iOS?

Adam Langley

unread,
Feb 1, 2024, 9:59:04 AMFeb 1
to David Pettey, FIDO Dev (fido-dev)
On Thu, Feb 1, 2024 at 6:49 AM David Pettey <davida...@gmail.com> wrote:
Hey guys, so I've been able to track down the specific problem here.

It looks like the userHandle is supposed to be a user Id which is given to me by the client. 
However, on iOS during registration I only have access to the 

ASPasskeyCredentialRequest.credentialIdentity.user

Does anyone know how we're supposed to get the userHandle on iOS?

I am completely unfamiliar with the provider side of the iOS API, but the user ID should be passed during credential creation and must be persisted by the provider. E.g. it's userID here: https://developer.apple.com/documentation/authenticationservices/asauthorizationpublickeycredentialregistrationrequest


Cheers

AGL

My1

unread,
Feb 1, 2024, 10:28:52 AMFeb 1
to David Pettey, FIDO Dev (fido-dev), Adam Langley
What is the content of that? Ideally (if it's the same as what i think it might be) it should have name (a more or less unique identifier to differentiate users on a site eg an email address), displayName (a "fancy" name that can but doesn't have to identify the user perfectly) and id (that's your user handle as far as i remember)

Regards 
My1

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/92a551c9-17b6-4d6f-b59c-693e44ebbf58n%40fidoalliance.org.

David Pettey

unread,
Feb 1, 2024, 10:41:03 AMFeb 1
to FIDO Dev (fido-dev), My1, FIDO Dev (fido-dev), Adam Langley, David Pettey
The problem is on iOS I am required to override the method https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/4172626-prepareinterface
which gives me an ASCredentialRequest of type ASPasskeyCredentialRequest. I'm not sure how to get to the ASAuthorizationPublicKeyCredentialRegistrationRequest protocol from that context. 

David Pettey

unread,
Feb 1, 2024, 10:50:07 AMFeb 1
to FIDO Dev (fido-dev), David Pettey, My1, FIDO Dev (fido-dev)
The content of the ASPasskeyCredentialRequest.credentialIdentity.user is just a name (like an email address). 

My1

unread,
Feb 1, 2024, 11:02:15 AMFeb 1
to David Pettey, FIDO Dev (fido-dev)
any other interesting properties?

this credential request is initialized using the passkey credential identity, which likely gets mapped to the ASPasskeyCredentialRequest.credentialIdentity

and the credential Identity allegedly has some properties that could help, notably
var userHandle: Data

David Pettey

unread,
Feb 1, 2024, 1:36:49 PMFeb 1
to FIDO Dev (fido-dev), My1, FIDO Dev (fido-dev), David Pettey
Omg that was it, I was thinking I had to create that Identity and didn't realize I could cast the one they gave me :facepalm: 

Thank you so much! This has been such a pain to figure out. 

Joshua Zhao

unread,
Feb 24, 2024, 1:54:37 PMFeb 24
to FIDO Dev (fido-dev), David Pettey, My1, FIDO Dev (fido-dev)
I have a follow-up question, which I hope someone could shed some light on: how to access other info through ASAuthorizationPublicKeyCredentialRegistrationRequest such as attestationPreference. I don't seem to see how we can access it through ASPasskeyCredentialRequest in prepareInterface(forPasskeyRegistration:) for iOS. And, do we have access to WebAuthn extensions?

Thanks,
Joshua
Reply all
Reply to author
Forward
0 new messages