iOS passkey provider help


David Pettey

Jan 20, 2024, 9:22:05 PM
to FIDO Dev (fido-dev)
Hi all, I currently have passkey registration and authorization working correctly on webauthn.io 

If I attempt to create/verify keys on the other test sites (https://passkeys.dev/docs/demos-examples/demos/), however, it creates the key but fails on the verification portion with a non-specific error. If I attempt to create a passkey for Google it fails on creation...

Is there a difference between the information needed between specific sites in order to get consistent results? 

I've also seen https://developer.apple.com/forums/thread/737313?answerId=764473022#764473022 saying that Google expects the CBOR to be mapped in a specific order. Is there any documentation to get the CBOR to map correctly?

And is this required for the demo sites as well?

Adam Langley

Jan 24, 2024, 9:21:48 AM
to FIDO Dev (fido-dev), David Pettey
All CBOR in this context is required to conform to the encoding rules. The level of strictness of sites varies, but if you follow the rules then you can exclude this as a possible source of the issues.


Cheers

AGL
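
One way to test output against the encoding rules referred to in the reply above, as an added example that is not part of the thread: a strict walker for the CTAP2 canonical CBOR form (definite lengths, minimal integer and length encodings, no tags, map keys ordered by major type, then encoded length, then bytes). The function names and sample bytes are constructed for illustration.

```python
# Added example: names below are illustrative, not from any library.
def _head(buf, pos):
    """Decode one CBOR head at pos; return (major, argument, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    if info < 24:
        return major, info, pos + 1
    if info > 27:
        raise ValueError(f"indefinite length or reserved encoding at offset {pos}")
    size = 1 << (info - 24)                       # 1, 2, 4 or 8 argument bytes
    value = int.from_bytes(buf[pos + 1:pos + 1 + size], "big")
    if major != 7 and value < (24, 1 << 8, 1 << 16, 1 << 32)[info - 24]:
        raise ValueError(f"non-minimal integer or length at offset {pos}")
    return major, value, pos + 1 + size

def _item(buf, pos):
    """Validate the data item at pos; return the offset just past it."""
    major, value, pos = _head(buf, pos)
    if major in (0, 1, 7):                        # integers, simple values, floats
        return pos
    if major in (2, 3):                           # byte or text string
        return pos + value
    if major == 4:                                # array
        for _ in range(value):
            pos = _item(buf, pos)
        return pos
    if major == 6:
        raise ValueError("tags are not allowed")
    prev = None                                   # major 5: map of key/value pairs
    for _ in range(value):
        end = _item(buf, pos)
        raw = buf[pos:end]
        key = (raw[0] >> 5, len(raw), raw)        # major type, then length, then bytes
        if prev is not None and key <= prev:
            raise ValueError(f"map key {raw.hex()} is out of order or duplicated")
        prev, pos = key, _item(buf, end)
    return pos

def check_ctap2_canonical(buf):
    """Return None if buf is exactly one canonical item, else the first violation."""
    try:
        end = _item(buf, 0)
    except IndexError:
        return "truncated input"
    except ValueError as exc:
        return str(exc)
    return None if end == len(buf) else "length mismatch (truncated or trailing bytes)"

# Constructed samples: a COSE ES256 public key with all-zero placeholder coordinates.
GOOD = bytes.fromhex("a5010203262001215820") + bytes(32) + bytes.fromhex("225820") + bytes(32)
SIGNED_SORT = bytes.fromhex("a5225820") + bytes(32) + bytes.fromhex("215820") + bytes(32) + bytes.fromhex("200101020326")
```

`SIGNED_SORT` is what an encoder produces when it orders the COSE key labels as signed numbers (-3, -2, -1, 1, 3) instead of by their encoded form (1, 3, -1, -2, -3); a lenient relying party may accept it while a strict one rejects it.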

David Pettey

Jan 24, 2024, 4:40:49 PM
to FIDO Dev (fido-dev), Adam Langley, David Pettey
Is there anything specific about the level of strictness between sites that I can test for? 

For instance my code works on https://passkey.org/ perfectly

However, I can create a key on https://github.com/ but the verification is failing. I'm fairly confident I'm following the specs correctly. So why would my code work on some sites and not others? I'm on iOS, I know there have been some differences with the flags required, could that be a cause?

David Pettey

Feb 1, 2024, 9:49:42 AM
to FIDO Dev (fido-dev), David Pettey, Adam Langley
Hey guys, so I've been able to track down the specific problem here.

It looks like the userHandle is supposed to be a user Id which is given to me by the client. 
However, on iOS during registration I only have access to the 

ASPasskeyCredentialRequest.credentialIdentity.user

Does anyone know how we're supposed to get the userHandle on iOS?

Adam Langley

Feb 1, 2024, 9:59:04 AM
to David Pettey, FIDO Dev (fido-dev)
On Thu, Feb 1, 2024 at 6:49 AM David Pettey <davida...@gmail.com> wrote:
> Hey guys, so I've been able to track down the specific problem here.
>
> It looks like the userHandle is supposed to be a user Id which is given to me by the client.
> However, on iOS during registration I only have access to the
>
> ASPasskeyCredentialRequest.credentialIdentity.user
>
> Does anyone know how we're supposed to get the userHandle on iOS?

I am completely unfamiliar with the provider side of the iOS API, but the user ID should be passed during credential creation and must be persisted by the provider. E.g. it's userID here: https://developer.apple.com/documentation/authenticationservices/asauthorizationpublickeycredentialregistrationrequest


Cheers

AGL

My1

Feb 1, 2024, 10:28:52 AM
to David Pettey, FIDO Dev (fido-dev), Adam Langley
What is the content of that? Ideally (if it's the same as what I think it might be) it should have name (a more or less unique identifier to differentiate users on a site, e.g. an email address), displayName (a "fancy" name that can but doesn't have to identify the user perfectly) and id (that's your user handle as far as I remember)

Regards 
My1


David Pettey

Feb 1, 2024, 10:41:03 AM
to FIDO Dev (fido-dev), My1, FIDO Dev (fido-dev), Adam Langley, David Pettey
The problem is on iOS I am required to override the method https://developer.apple.com/documentation/authenticationservices/ascredentialproviderviewcontroller/4172626-prepareinterface
which gives me an ASCredentialRequest of type ASPasskeyCredentialRequest. I'm not sure how to get to the ASAuthorizationPublicKeyCredentialRegistrationRequest protocol from that context. 

David Pettey

Feb 1, 2024, 10:50:07 AM
to FIDO Dev (fido-dev), David Pettey, My1, FIDO Dev (fido-dev)
The content of the ASPasskeyCredentialRequest.credentialIdentity.user is just a name (like an email address). 

My1

Feb 1, 2024, 11:02:15 AM
to David Pettey, FIDO Dev (fido-dev)
Any other interesting properties?

This credential request is initialized using the passkey credential identity, which likely gets mapped to the ASPasskeyCredentialRequest.credentialIdentity

And the credential identity allegedly has some properties that could help, notably
var userHandle: Data

David Pettey

Feb 1, 2024, 1:36:49 PM
to FIDO Dev (fido-dev), My1, FIDO Dev (fido-dev), David Pettey
Omg that was it, I was thinking I had to create that Identity and didn't realize I could cast the one they gave me :facepalm: 

Thank you so much! This has been such a pain to figure out. 

Joshua Zhao

Feb 24, 2024, 1:54:37 PM
to FIDO Dev (fido-dev), David Pettey, My1, FIDO Dev (fido-dev)
I have a follow-up question, which I hope someone could shed some light on: how to access other info through ASAuthorizationPublicKeyCredentialRegistrationRequest such as attestationPreference. I don't seem to see how we can access it through ASPasskeyCredentialRequest in prepareInterface(forPasskeyRegistration:) for iOS. And, do we have access to WebAuthn extensions?

Thanks,
Joshua