How to identify whether a passkey is created from an Apple device (iCloud Keychain)
Hi, I am currently implementing the ability to allow users to add a passkey to their account by using the WebAuthn API. My current issue is that I would like to identify what type of device/authenticator the user has used to create their passkey so that we can automatically set a nickname for the passkey to help the user experience (e.g. if a user has set up a passkey on an Apple device, we would auto-set the nickname as iCloud Keychain so it's clear to the user that the passkey is not specific to just the device they set it up on). After some reading, it seems like when trying to create a new passkey via an Apple device, it will not send a populated attestation with any sort of attestation statement, aaguid, fmt, etc., and this is what I have been seeing in my testing of my implementation. My question is, instead of using an aaguid, is there an alternative way to identify that the user has created a passkey via iCloud Keychain? I can see that when creating a passkey for my Google account via my iPhone/MacBook, they seem to be able to identify when a passkey is created on an Apple device and label it automatically as "iCloud Keychain", and this applies to both doing it via platform and cross-platform. I essentially want to be able to achieve this but I'm not sure how this can be done.
Oct ’23
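
An added example, not part of the original post: a server-side sketch of what a registration response still exposes when the attestation is empty, namely the AAGUID field and the backup-eligibility (BE) and backup-state (BS) flags inside the authenticator data. It assumes the raw authenticator data bytes are available (for instance from `response.getAuthenticatorData()` in the browser); `KNOWN_AAGUIDS`, `suggestNickname` and `buildSample` are hypothetical names, and the AAGUID in the table is a constructed placeholder. The BE flag only indicates that the credential can be synced; it does not name the provider.

```javascript
// Bit positions in the flags byte of WebAuthn authenticator data.
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40 };
const ZERO_AAGUID = "00000000-0000-0000-0000-000000000000";

// Hypothetical lookup table; the key is a constructed placeholder, not a real AAGUID.
const KNOWN_AAGUIDS = {
  "11111111-2222-3333-4444-555555555555": "Example Password Manager",
};

function formatAaguid(bytes) {
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16), hex.slice(16, 20), hex.slice(20)].join("-");
}

// Layout: rpIdHash(32) | flags(1) | signCount(4) | [aaguid(16) | credIdLen(2) | credId | publicKey]
function parseAuthenticatorData(authData) {
  if (authData.length < 37) throw new Error("authenticator data too short");
  const flags = authData[32];
  const result = {
    backupEligible: (flags & FLAGS.BE) !== 0, // credential may be synced
    backedUp: (flags & FLAGS.BS) !== 0,       // credential is currently backed up
    aaguid: null,
  };
  if (flags & FLAGS.AT) { // attested credential data is present
    if (authData.length < 55) throw new Error("truncated attested credential data");
    result.aaguid = formatAaguid(authData.subarray(37, 53));
  }
  return result;
}

// Prefer a known AAGUID; with a zeroed or unknown one, fall back to the backup flags.
function suggestNickname(authData) {
  const { aaguid, backupEligible } = parseAuthenticatorData(authData);
  if (aaguid && aaguid !== ZERO_AAGUID && KNOWN_AAGUIDS[aaguid]) return KNOWN_AAGUIDS[aaguid];
  return backupEligible ? "Synced passkey" : "Passkey on this device";
}

// Constructed sample input: zeroed rpIdHash and signCount, 4-byte placeholder credential id.
function buildSample(flags, aaguidHex) {
  const buf = new Uint8Array(37 + 16 + 2 + 4);
  buf[32] = flags;
  for (let i = 0; i < 16; i++) buf[37 + i] = parseInt(aaguidHex.slice(i * 2, i * 2 + 2), 16);
  buf[54] = 4; // low byte of the big-endian credential id length
  return buf;
}
```
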