Post

Replies

Boosts

Views

Activity

What information does FIDO2 url contain and how can we decode it in Swift?
0 In WWDC 2022 Apple launched GA of Passkeys which will enable FIDO2 authentication in iOS ecosystem, the next gen open standards based authentication mechanism to replace passwords. On a Relying Party (RP) server supporting FIDO2 when a user registration is initiated, the browser generates a QR code to register a phone as platform authenticator. I am trying to build an app which opens up a QR scanner view and I want to register for the FIDO credential from the app by scanning the QR code generated by the browser. The parsed string is of the format - FIDO:/090409094349049349....... What information does this FIDO:/090409094349049349....... url protocol contain relating to the RP? Also, is there a way to decode this in Swift to get that information in json or string format? Since the camera app on iPhone is able to scan the QR and generate information like RP domain name and user being registered, I believe there should be a way to do this from a QR scanner inside an app as well. Or are these APIs private in nature only for usage of Camera app?
2
0
1.4k
Aug ’22
Apple Watch logo requirements for app's notifications
I have an iPhone/iPad application for which there is no watchOS target and as such no separate Watch app. I do not have separate watchOS app icons included as well in Assets. However, an Apple Watch is supposed to receive push notifications for the application. Do we as app developers need to provide watchOS app icons, with different resolutions as suggested by Apple in HIG, in app's Assets for the app logo to appear properly in the notification coming in watch, for both short look and long look? As of now, my app's icon appear pixelated in short look and I am not sure whether it is an app icon issue or because I did not include watchOS app icons in Assets.
2
0
546
Oct ’24
Why doesnt Apple allow BE BS flags to be false in AutoFill credential provider's attestation response?
It appears that for a successful registration of a passkey to a relying party using passkey autofill provider, the BE BS bits/flags in the attestation response need to be set to true. Please refer FLAGS byte of authData field part of attestationObject mentioned here - https://www.w3.org/TR/webauthn-2/#sctn-attestation. If those flags are set to false, the RP rejects saying - "The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client." What are the implications of having those flags set to true? Does it make the generated passkey syncable across devices using same apple id? If yes, is there at all anyway possible by which a generated passkey can be made device bound, basically can be generated and used only on a single iPhone/iOS device? Also, is there a plan to ever make those flags to be set to false in a future iOS release? Also, what does it mean in the credential provider popup where it says - "Available where is installed." in the below screenshot?
2
0
980
Nov ’23
Does Apple allow packed format attestation in passkey credential provider approach?
I am trying to implement a third party passkey credential provider and I have been able to successfully setup the project for that. Below is a sample code which I am using - let passkeyRegistrationCredential = ASPasskeyRegistrationCredential(relyingParty: self.request?.credentialIdentity.serviceIdentifier.identifier ?? "", clientDataHash: self.request?.clientDataHash ?? Data(), credentialID: Data(credentialId), attestationObject: Data(attestationBytes) self.extensionContext.completeRegistrationRequest(using: passkeyRegistrationCredential) The attestationBytes object that I am generating and sending back to RP seems to work only if I set the "fmt" to "none", which basically requires "attStmt" to be sent as an empty value as per WebAuthn spec - https://www.w3.org/TR/webauthn-2/#sctn-none-attestation When trying to set the "fmt" to "packed" in attestation object and creating a self signed "attStmt" consisting of "alg" and "sig" key-values referring - https://www.w3.org/TR/webauthn-2/#sctn-packed-attestation, it does not seem to work. The RP throws an error. I do not have "x5c" object as that supposedly is not mandatory in case of self attestation. I have "authData" also as part of the response properly setup. Is it not possible to use packed attestation or am I missing something in creating the attestation object? Also, does Apple modify the response being sent in the background before sending to RP if packed fmt is used?
1
0
875
Nov ’23
Is it allowed to add an image to UIAlertController?
I saw some solutions on the internet where they have added an UIImageView to a UIAlertController, something like this - var imageView = UIImageView(frame: CGRect(x: 100, y: 10, width: 40, height: 40)) imageView.image = yourImage alert.view.addSubview(imageView) Is this allowed? Coz Apple's documentation says the following - "The UIAlertController class is intended to be used as-is and does not support subclassing. The view hierarchy for this class is private and must not be modified."
2
0
2k
Jun ’22