Hi @letsbondiway1986 thank you for your response! It's just a PoC so I just used something I can regenerate easily without a database or something like that (I took the first 16 bytes of the hash of the rp id).
But you are right this is what causes the problem.
So the following question is: what should I use as the userHandle?
Post
Replies
Boosts
Views
Activity
here is the error:
so I tried to send all the attestation object using this code:
import SwiftCBOR
class CredentialProviderViewController: ASCredentialProviderViewController {
...
...
...
func hashRP(_ rp: String) -> [UInt8] {
let hashed = SHA256.hash(data: Data(rp.data(using: .utf8) ?? Data([])))
return Array(hashed)
}
fileprivate func generateCosePublickKey() -> [UInt8] {
let privateKey = P256.Signing.PrivateKey()
let publicKey = privateKey.publicKey.x963Representation
let decodedPublicKey: [Int:CBOR] = [
1: 2,
3: -7,
-1: 1,
-2: CBOR.byteString(publicKey[1..<33].map { $0 }),
-3: CBOR.byteString(publicKey[33..<65].map { $0 })
]
return CBOR.encode(decodedPublicKey)
}
func generateAttestedObject(_ rp: String) -> Data {
var att: [Int:CBOR] = [:]
let hashedRpId: [UInt8] = hashRP(rp)
let flagsAndSignedCount: [UInt8] = [93, 0, 0, 0, 0]
let idLength: [UInt8] = [0, 16]
let cosePublicKey: [UInt8] = generateCosePublickKey()
let attestedCredentialData = hashedRpId + flagsAndSignedCount + exampleAAGUID + idLength + hashedRpId[0..<16] + cosePublicKey
att[1] = "none"
att[2] = CBOR.byteString(attestedCredentialData)
att[3] = CBOR.map([:])
let encoded = CBOR.encode(att)
return Data(encoded)
}
@IBAction func onRegister(_ sender: UIButton) {
guard let request = newRegistrationRequest as? ASPasskeyCredentialRequest else {return}
let attObj: Data = Data(generateAttestedObject(request.credentialIdentity.serviceIdentifier.identifier))
let passkey: ASPasskeyRegistrationCredential = ASPasskeyRegistrationCredential(
relyingParty: request.credentialIdentity.serviceIdentifier.identifier,
clientDataHash: request.clientDataHash,
credentialID: Data(hashRP(request.credentialIdentity.serviceIdentifier.identifier)[0..<16]),
attestationObject: Data(attObj)
)
extensionContext.completeRegistrationRequest(using: passkey){ endedWell in
NSLog("onRegister called \(endedWell ? "" : "not") ended well")
}
}
}
but i still get errors on the client side.
can someone please help me?