Reply to help with passkey authentication
Hi @letsbondiway1986, thank you for your response! It's just a PoC, so I just used something I can regenerate easily without a database or something like that (I took the first 16 bytes of the hash of the rp id). But you are right, this is what causes the problem. So the following question is: what should I use as the userHandle?
Dec ’23
Reply to passkey attestationObject confusion
So I tried to send all the attestation object using this code:

```swift
import AuthenticationServices
import CryptoKit
import SwiftCBOR
import UIKit

class CredentialProviderViewController: ASCredentialProviderViewController {
    ...
    ...
    ...

    // SHA-256 of the relying party identifier.
    func hashRP(_ rp: String) -> [UInt8] {
        let hashed = SHA256.hash(data: Data(rp.data(using: .utf8) ?? Data([])))
        return Array(hashed)
    }

    // COSE_Key map: kty (1) = EC2 (2), alg (3) = ES256 (-7), crv (-1) = P-256 (1),
    // x (-2) and y (-3) taken from the uncompressed X9.63 point.
    fileprivate func generateCosePublickKey() -> [UInt8] {
        let privateKey = P256.Signing.PrivateKey()
        let publicKey = privateKey.publicKey.x963Representation
        let decodedPublicKey: [Int:CBOR] = [
            1: 2,
            3: -7,
            -1: 1,
            -2: CBOR.byteString(publicKey[1..<33].map { $0 }),
            -3: CBOR.byteString(publicKey[33..<65].map { $0 })
        ]
        return CBOR.encode(decodedPublicKey)
    }

    func generateAttestedObject(_ rp: String) -> Data {
        var att: [Int:CBOR] = [:]
        let hashedRpId: [UInt8] = hashRP(rp)
        // One flags byte (93 = 0x5D) followed by the 4-byte signature counter.
        let flagsAndSignedCount: [UInt8] = [93, 0, 0, 0, 0]
        // Credential ID length as a 2-byte big-endian value (16).
        let idLength: [UInt8] = [0, 16]
        let cosePublicKey: [UInt8] = generateCosePublickKey()
        let attestedCredentialData = hashedRpId + flagsAndSignedCount + exampleAAGUID + idLength + hashedRpId[0..<16] + cosePublicKey
        att[1] = "none"
        att[2] = CBOR.byteString(attestedCredentialData)
        att[3] = CBOR.map([:])
        let encoded = CBOR.encode(att)
        return Data(encoded)
    }

    @IBAction func onRegister(_ sender: UIButton) {
        guard let request = newRegistrationRequest as? ASPasskeyCredentialRequest else { return }
        let attObj: Data = Data(generateAttestedObject(request.credentialIdentity.serviceIdentifier.identifier))
        let passkey: ASPasskeyRegistrationCredential = ASPasskeyRegistrationCredential(
            relyingParty: request.credentialIdentity.serviceIdentifier.identifier,
            clientDataHash: request.clientDataHash,
            credentialID: Data(hashRP(request.credentialIdentity.serviceIdentifier.identifier)[0..<16]),
            attestationObject: Data(attObj)
        )
        extensionContext.completeRegistrationRequest(using: passkey) { endedWell in
            NSLog("onRegister called \(endedWell ? "" : "not") ended well")
        }
    }
}
```

But I still get errors on the client side. Can someone please help me?
Dec ’23
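A layout check for the kind of attestation object built in the post above, added here as an example and not taken from the thread or from Apple's APIs. WebAuthn defines the attestation object as a CBOR map keyed by the text strings `fmt`, `authData` and `attStmt`; the function names, the `example.com` RP ID and both sample objects are constructed for illustration.

```python
import hashlib

def cbor_decode(buf, pos=0):
    """Decode one CBOR item (ints, byte/text strings, arrays, maps) -> (value, next_pos)."""
    major, info, pos = buf[pos] >> 5, buf[pos] & 0x1F, pos + 1
    if major > 5 or info > 27:
        raise ValueError("unsupported CBOR item")
    arg = info
    if info >= 24:                                   # argument follows in 1, 2, 4 or 8 bytes
        size = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if major < 2:
        return (arg if major == 0 else -1 - arg), pos
    if major < 4:
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode()), pos + arg
    items = []
    for _ in range(arg * (major - 3)):               # a map holds two items per entry
        item, pos = cbor_decode(buf, pos)
        items.append(item)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos

def check_attestation_object(blob, rp_id):
    """List layout problems in a 'none' attestation object (empty list = well-formed)."""
    obj, _ = cbor_decode(blob)
    if not isinstance(obj, dict) or set(obj) != {"fmt", "authData", "attStmt"}:
        return ["top-level map must use text keys fmt/authData/attStmt"]
    auth, problems = obj["authData"], []
    if auth[:32] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash is not SHA-256(rp_id)")
    if not auth[32] & 0x40:                          # AT flag
        return problems + ["AT flag clear: no attested credential data"]
    key, end = cbor_decode(auth, 55 + int.from_bytes(auth[53:55], "big"))  # idLen at 53, credId at 55
    key = key if isinstance(key, dict) else {}
    if end != len(auth) and not auth[32] & 0x80:     # ED flag would announce extensions
        problems.append("unexpected bytes after credentialPublicKey")
    xy_ok = all(isinstance(key.get(k), bytes) and len(key[k]) == 32 for k in (-2, -3))
    if (key.get(1), key.get(3), key.get(-1)) != (2, -7, 1) or not xy_ok:
        problems.append("COSE key is not EC2/ES256/P-256 with 32-byte x and y")
    return problems

def sample(keys, rp_id="example.com"):
    """Constructed input: zeroed AAGUID, dummy key bytes, flags 0x5D as in the post."""
    h = hashlib.sha256(rp_id.encode()).digest()
    cose = b"\xa5\x01\x02\x03\x26\x20\x01\x21\x58\x20" + b"\x11" * 32 + b"\x22\x58\x20" + b"\x22" * 32
    auth = h + bytes([0x5D, 0, 0, 0, 0]) + bytes(16) + b"\x00\x10" + h[:16] + cose
    k = [bytes([x]) if isinstance(x, int) else bytes([0x60 + len(x)]) + x.encode() for x in keys]
    return b"\xa3" + k[0] + b"\x64none" + k[1] + bytes([0x58, len(auth)]) + auth + k[2] + b"\xa0"
GOOD = sample(("fmt", "authData", "attStmt"))
BAD = sample((1, 2, 3))                              # integer keys instead of text keys
```

Running `check_attestation_object` on bytes captured from a provider extension shows which part of the layout a relying party's parser would reject before any signature or policy check is reached.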