Just to follow up - internally we changed the team ID so there was a mismatch. Updating the app-site-association file to reflect this fixed the issue. Marking as resolved.
https://lickability.com/blog/insidious-bugs-number-3-apple-app-site-association-file/ for a similar issue and resolution
Thanks @garrett-davidson! After setting up the entitlements correctly it looks like I can reach the authentication server but I get rejected even saying that my app is not associated with the domain:
response: {"error":"The operation couldn’t be completed. Application with identifier V9WTTPBFK9.com.meta.fido2macos.localDevelopment is not associated with domain internalfb.com"}
log stream | grep fido2 shows the following when I try to send the request:
2023-10-16 10:45:01.552607+0100 0xc24e6 Default 0x19c851 404 0 tccd: [com.apple.TCC:access] AUTHREQ_ATTRIBUTION: msgID=31142.1, attribution={responsible={TCCDProcess: identifier=com.apple.Terminal, pid=2381, auid=501, euid=501, responsible_path=/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal, binary_path=/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal}, requesting={TCCDProcess: identifier=com.meta.fido2macos, pid=31142, auid=501, euid=501, binary_path=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2}, },
2023-10-16 10:45:01.561926+0100 0xc24e6 Default 0x19237c 404 0 tccd: [com.apple.TCC:access] AUTHREQ_ATTRIBUTION: msgID=402.465, attribution={responsible={TCCDProcess: identifier=com.apple.Terminal, pid=2381, auid=501, euid=501, responsible_path=/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal, binary_path=/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal}, accessing={TCCDProcess: identifier=com.meta.fido2macos, pid=31142, auid=501, euid=501, binary_path=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2}, requesting={TCCDProcess: identifier=com.apple.WindowServer, pid=402, auid=88, euid=88, binary_path=/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer}, },
2023-10-16 10:45:01.561981+0100 0xc24e6 Default 0x19237c 404 0 tccd: [com.apple.TCC:access] requestor: TCCDProcess: identifier=com.apple.WindowServer, pid=402, auid=88, euid=88, binary_path=/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer is checking access for accessor TCCDProcess: identifier=com.meta.fido2macos, pid=31142, auid=501, euid=501, binary_path=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2
2023-10-16 10:45:01.595107+0100 0xc216c Default 0x0 376 0 launchservicesd: [com.apple.launchservices:cas] CHECKIN:0x0-0x13c13c 31142 com.meta.fido2macos
2023-10-16 10:45:01.602683+0100 0xbfa8f Default 0x194061 930 0 distnoted: [com.apple.distnoted:diagnostic] register name: com.apple.sharedfilelist.change object: com.apple.LSSharedFileList.ApplicationRecentDocuments/com.meta.fido2macos token: 930000004e pid: 994
2023-10-16 10:45:01.654756+0100 0xbfa8f Default 0x0 930 0 distnoted: [com.apple.distnoted:diagnostic] register name: com.apple.xctest.FakeForceTouchDevice object: com.meta.fido2macos token: 1c00000023 pid: 31142
2023-10-16 10:45:01.671192+0100 0xbfa8f Default 0x0 930 0 distnoted: [com.apple.distnoted:diagnostic] register name: com.apple.nsquiet_safe_quit_give_reason object: com.meta.fido2macos token: 1f00000020 pid: 31142
2023-10-16 10:45:01.777840+0100 0xc2317 Error 0x19c858 404 0 tccd: [com.apple.TCC:access] TCCDProcess: identifier=com.meta.fido2macos, pid=31142, auid=501, euid=501, binary_path=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2 attempted to call TCCAccessRequest for kTCCServiceAccessibility without the recommended com.apple.private.tcc.manager.check-by-audit-token entitlement
2023-10-16 10:45:01.777950+0100 0xc2317 Default 0x19c858 404 0 tccd: [com.apple.TCC:access] AUTHREQ_ATTRIBUTION: msgID=31142.2, attribution={accessing={TCCDProcess: identifier=com.knollsoft.Rectangle, pid=1134, auid=501, euid=501, binary_path=/Applications/Rectangle.app/Contents/MacOS/Rectangle}, requesting={TCCDProcess: identifier=com.meta.fido2macos, pid=31142, auid=501, euid=501, binary_path=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2}, },
2023-10-16 10:45:01.819327+0100 0xc1337 Default 0x19c857 3460 0 AuthenticationServicesAgent: (AuthenticationServicesCore) [com.apple.AuthenticationServicesCore:Authorization] Received connection from V9WTTPBFK9.com.meta.fido2macos.localDevelopment
2023-10-16 10:45:01.819743+0100 0xc1337 Error 0x1940f1 3460 0 AuthenticationServicesAgent: (AuthenticationServicesCore) [com.apple.AuthenticationServicesCore:Authorization] Application with identifier V9WTTPBFK9.com.meta.fido2macos.localDevelopment is not associated with domain internalfb.com
The app is listed in https://internalfb.com/.well-known/apple-app-site-association so I don't understand why it is not associated.
My provisioning profile:
$ security cms -D -i ~/Downloads/fido2macos_Local_Development_VZPNUT84NZ.mobileprovision | xmllint --xpath "/plist/dict/key[text()='Entitlements']/following-sibling::dict[position()=1]" -
<dict>
<key>com.apple.developer.associated-domains</key>
<string>*</string>
<key>com.apple.application-identifier</key>
<string>V9WTTPBFK9.com.meta.fido2macos.localDevelopment</string>
<key>keychain-access-groups</key>
<array>
<string>V9WTTPBFK9.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>V9WTTPBFK9</string>
</dict>
Codesign output for the built artifact:
$ codesign -d --entitlements - --xml /Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app | xmllint --xpath "/plist/dict" -
Executable=/Users/ardi/fbsource/buck-out/v2/gen/fbsource/a6ea8844740f176d/fbobjc/Apps/Internal/FIDO2/__FIDO2__/FIDO2.app/Contents/MacOS/FIDO2
<dict><key>com.apple.application-identifier</key><string>V9WTTPBFK9.com.meta.fido2macos.localDevelopment</string><key>com.apple.developer.associated-domains</key><array><string>webcredentials:internalfb.com</string><string>webcredentials:www.internalfb.com</string></array><key>com.apple.developer.team-identifier</key><string>V9WTTPBFK9</string></dict>
Both V9WTTPBFK9.com.meta.fido2macos.localDevelopment and V9WTTPBFK9.com.meta.fido2macos are also cached by the CDN: https://app-site-association.cdn-apple.com/a/v1/internalfb.com
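The team ID mismatch that resolved this thread can be checked offline by comparing the signed entitlements against the `webcredentials` app list in the association file. The following is an added example, not code from any of the posts: the function names are hypothetical, the entitlement values are copied from the codesign output above, and the association file contents (including the placeholder team ID `XXXXXXXXXX`) are constructed.

```python
import json
import plistlib

def webcredentials_domains(entitlements):
    """Domains named by webcredentials: entries of the associated-domains entitlement."""
    entries = entitlements.get("com.apple.developer.associated-domains", [])
    if isinstance(entries, str):          # provisioning profiles may carry a bare "*"
        entries = [entries]
    domains = []
    for entry in entries:
        service, _, rest = entry.partition(":")
        if service == "webcredentials":
            domains.append(rest.split("?", 1)[0])   # drop a "?mode=..." suffix
    return domains

def check_association(entitlements_xml, aasa_by_domain):
    """Map each webcredentials domain to ok / team-mismatch / not-listed / no-aasa."""
    ent = plistlib.loads(entitlements_xml)
    app_id = ent["com.apple.application-identifier"]
    bundle_id = app_id.partition(".")[2]            # identifier without the team prefix
    result = {}
    for domain in webcredentials_domains(ent):
        raw = aasa_by_domain.get(domain)
        if raw is None:
            result[domain] = "no-aasa"
            continue
        apps = json.loads(raw).get("webcredentials", {}).get("apps", [])
        if app_id in apps:
            result[domain] = "ok"
        elif any(a.partition(".")[2] == bundle_id for a in apps):
            result[domain] = "team-mismatch"        # same bundle ID, different team prefix
        else:
            result[domain] = "not-listed"
    return result

# Entitlements as reported by codesign in the post above.
ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.application-identifier</key>
<string>V9WTTPBFK9.com.meta.fido2macos.localDevelopment</string>
<key>com.apple.developer.associated-domains</key><array>
<string>webcredentials:internalfb.com</string>
<string>webcredentials:www.internalfb.com</string></array>
</dict></plist>"""

# Constructed association files: one lists the app under a placeholder team ID.
STALE = {"internalfb.com": json.dumps({"webcredentials": {"apps": [
    "XXXXXXXXXX.com.meta.fido2macos.localDevelopment"]}})}
FIXED = {d: json.dumps({"webcredentials": {"apps": [
    "V9WTTPBFK9.com.meta.fido2macos.localDevelopment"]}})
    for d in ("internalfb.com", "www.internalfb.com")}

if __name__ == "__main__":
    print(check_association(ENTITLEMENTS, STALE))
    print(check_association(ENTITLEMENTS, FIXED))
```

To run it against real inputs, pass the bytes from `codesign -d --entitlements - --xml` and the JSON served at each domain's `/.well-known/apple-app-site-association` path.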