Post

Replies

Boosts

Views

Activity

Google passkey creation fails
Hey all, so I currently have a passkey provider application on iOS that works for every RP except for google. I found this post here saying the AttestationObject needs to be an ordered dictionary and can confirm on https://webauthn.me/debugger that my object is an ordered dictionary in the correct format. However, google fails to create the key every time saying generically the passkey can't be saved at this time. I'm just curious if there is something unique about google, like are they maybe whitelisting providers? Or do they require something extra that I need to send? I can't find any other information for why google wouldn't work while everyone else does. Thanks in advance for any help!
1
0
710
Feb ’24
Passkey Provider Assertion Help
Hi all, I'm trying to create a passkey provider application and I can consistently register a passkey through 'prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest)' everywhere that accepts passkeys. However, when I attempt to then use that passkey to sign in with 'provideCredentialWithoutUserInteraction(for credentialRequest: ASCredentialRequest)' My code will work on some sites.. and not others. For instance: https://passkey.org/ and https://webauthn.io/ both work flawlessly. But if I then try to do the same with Github, Uber, or Coinbase (really any application "in the wild") the assertion portion fails with a generic error like "This passkey can't be used anymore." I've debugged every request and response object line by line and can't find a single difference between a site that works, and one that doesn't.. Does anyone know why this could be the case? Here's my assertion code: guard let request: ASPasskeyCredentialRequest = credentialRequest as? ASPasskeyCredentialRequest else { return } // Following specs from here: https://www.w3.org/TR/webauthn/#sctn-signature-attestation-types let hashedRp: [UInt8] = Array(SHA256.hash(data: Data(request.credentialIdentity.serviceIdentifier.identifier.data(using: .utf8) ?? Data([])))) let flags:[UInt8] = [29] // 00011101 - only one that seems to work let counter:[UInt8] = [0, 0, 0, 1] // just for testing, always the first for now until this works let authData = hashedRp + flags + counter let signature = try privateKey.signature( for: Data(authData + request.clientDataHash) ) let response: ASPasskeyAssertionCredential = ASPasskeyAssertionCredential( userHandle: Data(request.credentialIdentity.user.utf8), relyingParty: request.credentialIdentity.serviceIdentifier.identifier, signature: signature.derRepresentation, clientDataHash: request.clientDataHash, authenticatorData: Data(authData), credentialID: Data(credentialId.utf8) ) extensionContext.completeAssertionRequest(using: response) Any help would be very appreciated as I've been stuck on this for a while now.
2
1
880
Jan ’24