We are trying to implement the new feature that was introduced in iOS 17, Passkeys Autofill Provider.
We've created a new 'AutoFill Credential Provider' target and embedded it into our host app.
We've implemented the 'CredentialProviderViewController,' which is inherited from 'ASCredentialProviderViewController.'
When we go to 'https://webauthn.io' to trigger the passkeys view, everything is working as expected when we press 'Register.'
The function 'override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest)' is called, but...
We know that we need to call 'self.extensionContext.completeRegistrationRequest(using:)' but we don't know how to construct the response.
We didn't find any examples or explanations of how to use this API. Can someone help us with this?
Thank you.
It appears that this method from ASCredentialProviderViewController is not being called at all. I am unable to trigger it. Ref
func prepareCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier], requestParameters: ASPasskeyCredentialRequestParameters)
I expected it to be triggered when RP has a list of allowCredentials, but I still get:
override func prepareInterfaceToProvideCredential(for credentialRequest: ASCredentialRequest)
Am I missing something?
Looks like a security flaw in ASCredentialProviderViewController
Register a new Passkey on foo.example.com
Now iOS 17 (RC) will suggest and permit selecting the Passkey to log in to bar.example.com, which is against the specs
From specs:
For example, given a Relying Party whose origin is https://login.example.com:1337, then the following RP IDs are valid: login.example.com (default) and example.com, but not m.login.example.com and not com.
Also looks like a bug, in this method:
func prepareInterfaceToProvideCredential(for credentialRequest: ASCredentialRequest)
If I've registered my Passkey for RP foo.example.com and am trying to log in to bar.example.com (the bug), ASCredentialRequest.credentialIdentity.serviceIdentifier.identifier is foo.example.com, but I am trying to log in to bar.example.com. From this we can't tell which RP the Passkey is being used on, and can't restrict the use of the Passkey when it is used on the wrong RP.
P.S: iCloud Passkeys works as expected.
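The RP ID rule quoted from the spec in the post above, written out as a check a credential provider could run when it knows both the origin host and the RP ID a passkey was registered for. This is an added example, not code from the thread or from Apple; `isValidRPID`, `normalizedHost` and `samplePublicSuffixes` are hypothetical names, and the tiny suffix set is a constructed stand-in for the full Public Suffix List.

```swift
import Foundation

// Constructed stand-in for the Public Suffix List; a real check needs the full list.
let samplePublicSuffixes: Set<String> = ["com", "org", "co.uk"]

/// Lowercases a host name and drops a trailing root dot.
func normalizedHost(_ host: String) -> String {
    var h = host.lowercased()
    if h.hasSuffix(".") { h.removeLast() }
    return h
}

/// Returns true when `rpID` equals the origin's host or is a registrable
/// domain suffix of it (the WebAuthn RP ID rule quoted in the thread).
func isValidRPID(_ rpID: String,
                 forOriginHost originHost: String,
                 publicSuffixes: Set<String> = samplePublicSuffixes) -> Bool {
    let rp = normalizedHost(rpID)
    let host = normalizedHost(originHost)
    guard !rp.isEmpty, !host.isEmpty else { return false }
    // A bare public suffix such as "com" is never an acceptable RP ID.
    if publicSuffixes.contains(rp) { return false }
    if rp == host { return true }
    // The suffix match must fall on a label boundary: "example.com" matches
    // "login.example.com", while "ample.com" does not.
    return host.hasSuffix("." + rp)
}

// Cases taken from the quoted spec text and from the thread's foo/bar scenario.
let cases: [(rpID: String, host: String)] = [
    ("login.example.com", "login.example.com"),   // default RP ID
    ("example.com", "login.example.com"),         // registrable suffix of the origin host
    ("m.login.example.com", "login.example.com"), // more specific than the origin host
    ("com", "login.example.com"),                 // bare public suffix
    ("foo.example.com", "bar.example.com"),       // sibling subdomain (the thread's case)
]
for c in cases {
    print("\(c.rpID) for \(c.host): \(isValidRPID(c.rpID, forOriginHost: c.host))")
}
```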
What is the difference between ASPasskeyCredentialIdentity.userName and ASPasskeyCredentialIdentity.user?
From https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname there should be only displayName.
How can I trigger, or rather, when is the ASCredentialProviderViewController.prepareOneTimeCodeCredentialList(for:) method triggered? I can't seem to get it to work.
I've added the ProvidesOneTimeCodes key to the Info.plist.
I've added the com.apple.developer.authentication-services.autofill-credential-provider entitlement.
Example of the extension:
    import AuthenticationServices

    class CredentialProviderViewController: ASCredentialProviderViewController {
        // Expected to run when the system asks for the list of one-time-code credentials.
        override func prepareOneTimeCodeCredentialList(for serviceIdentifiers: [ASCredentialServiceIdentifier]) {
            print("********************************* prepareOneTimeCodeCredentialList \(serviceIdentifiers)")
        }

        // Expected to run when the user chooses to insert text from the provider.
        override func prepareInterfaceForUserChoosingTextToInsert() {
            print("********************************* prepareInterfaceForUserChoosingTextToInsert")
        }
    }

The app is enabled under AUTOFILL FROM: in the Settings app.