~5% of our users when downloading the iOS application from the Apple Store for the first time are unable to enrol a Passkey and experience an error saying the application is not associated with [DOMAIN].
The error message thrown by the iOS credentials API is
"The operation couldn't be completed. Application with identifier [APPID] is not associated with domain [DOMAIN]"
We have raised this via the developer support portal with case id: 102315543678
Question:
Why does the AASA file fail to fetch on app install and is there anything that can be done to force the app to fetch the file?
Can this bug be looked at urgently as it is impacting security critical functionality?
Other Debugging Observations
We have confirmed that our AASA file is correctly formatted and hosted on the Apple CDN. Under normal circumstances the association is created on install and Passkey enrolment works as intended.
We have observed that when customers uninstall/reinstall the app this often, but not always, resolves the issue. We also know this issue can resolve itself overtime without any intervention.
We have ruled out network (e.g VPN) issues and have reproduced the issue across a number of different network configurations.
We have ruled out the Keychain provider and have reproduced it across a variety of different providers and combinations of.
We observed this across multiple versions of the iOS operating system and iPhone hardware including the latest hardware and iOS version.