hello, I want to use the latest addition in security i.e., passkeys across apple ecosystem. I have 2 iPhones (D1 and D2) I have created passkey from D1 for some RP (eg. walmart.com) D1 has a screen-lock using index-finger. The passkey is successfully stored in my iCloudKeyChain Now I go to D2 The screen-lock in D2 is made up of middle-finger. I configure my iCloudKeyChain on D2 using same apple-id If I want to bring the same passkey on D2 that I stored from D1 in iCloudKeyChain , am I required to provide screen unlock finger-print of D1 i.e., index-finger ?? Thanks.

Hello We have a react native iOS app and we are having issues with password autofill. We have read some documentation on "associated domains" but cant find anything specific to our issue. We don't currently have a website with login. Is that necessary to utilize password auto fill? Thanks for any help

Hello, We recently noticed that the passkeys that our application registers in the ASCredentialIdentityStore are removed after a while and we have to register them again. Do you have any ideas? Or is it possible that this happens automatically even though the application is terminated?

Does the passkey created using third party provider model get synced to iCloud Keychain? If yes, can we avoid that using the attestation object somehow to have it ties to the device where it was created? Being new to this domain, I am not sure if I am asking a right question.

We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill. During this process, we have a few doubts and queries: First, we have configured the AutoFill extension for external passkey management Next we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation We are facing an issue on creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure if we need to create the attestationObject [if so any documentation or help regarding this] or is there any API to get the attestationObject which we are missing. override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) { let request = registrationRequest as! ASPasskeyCredentialRequest let passkeyRegistration = ASPasskeyRegistrationCredential(relyingParty: request.credentialIdentity.serviceIdentifier.identifier, clientDataHash: request.clientDataHash, credentialID: Data(UUID().uuidString.utf8), attestationObject: "????") extensionContext.completeRegistrationRequest(using: passkeyRegistration) } Even we have tried passing the hardcoded attestationObject[we used the existing attestationObject received using icloud keychain] , still we got empty ‘ClientDataJSON’ on ‘authorizationController(controller:’ delegate.

Hi. I'm trying to develop a passkey app connected with a Webauthn server. There is a problem in the process of creating the Attestation Object. Since I am assigned 8445 port, I need to upload the /.well-known/ directory to that port. In the WebAuthn specification, the RPID should not include the port number. (https://www.w3.org/TR/webauthn-2/#relying-party-identifier) When initializing an ASAuthorizationPlatformPublicKeyCredentialProvider object, if I add the port number to RPID, the passkey UI will work and ASAuthorization object will be checked. But, I don't get authentication from webauthn server because the Attestation Obj is generated with RPID which contains port. Is there any way to specify the port number to check the "well-known" directory? Or is it only possible on port 443? I checked the post, but there is no more feedback, so I'm asking a question. (https://developer.apple.com/forums/thread/730028)

Hi all, Trying to create a Passkeys registration in my app. This is the implementation I have: ASAuthorizationPlatformPublicKeyCredentialProvider *provider = [[ASAuthorizationPlatformPublicKeyCredentialProvider alloc] initWithRelyingPartyIdentifier:[[jsonDict objectForKey:@"rp"] objectForKey:@"id"]]; ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest *request = [provider createCredentialRegistrationRequestWithChallenge: [jsonDict objectForKey:@"challenge"] name:[[jsonDict objectForKey:@"user"] objectForKey:@"name"] userID:[[jsonDict objectForKey:@"user"] objectForKey:@"id"]]; ASAuthorizationController *controller = [[ASAuthorizationController alloc] initWithAuthorizationRequests:[NSArray arrayWithObject:request]]; controller.delegate = self; controller.presentationContextProvider = self; [controller performRequests]; But I get this error: Remote proxy object error handler invoked with error: Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." Connection to agent service interrupted with error: Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." ASAuthorizationController credential request failed with error: Error Domain=NSCocoaErrorDomain Code=4097 "Couldn’t communicate with a helper application." And this is the NSError I get in authorizationController:didCompleteWithError: authorizationController error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent" UserInfo={NSDebugDescription=connection to service named com.apple.AuthenticationServicesCore.AuthenticationServicesAgent} Everything is defined right (associated domains in project and .well-known). Any reason I can't continue? Edit: I'm with iOS 17.0 (21A5248v) and Xcode-Beta (15A5160n) if it matters. Thanks

Firstly massive thank you to the Passkeys team at Apple for opening up the APIs to allow third-party password manager apps to save and autofill Passkeys in iOS 17! I wasn't expecting this so soon. Incredible work. I have successfully implemented the new methods on ASCredentialProviderViewController, up to the point where our app's extension is now being presented when a user is prompted to "Create a passkey?". However two things are not entirely clear to me from this point on: When the user chooses our app to create a password by tapping "Continue", the prepareInterfaceToProvideCredential(for credentialRequest: ASCredentialRequest) method is called. Should I be handling passkey creation within this method? Really at this point I was expecting prepareInterface(forPasskeyRegistration: to be called instead. Are new passkeys automatically generated and returned by AuthenticationServices during this flow, or is it down to the developer to generate a new passkey here? I ask because the documentation for prepareInterface(forPasskeyRegistration: seems to imply the former, stating: "This method will present your extension's UI for user authentication before creating the passkey." Thanks again.

*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Application tried to present modally a view controller <_SFAppAutoFillPasswordViewController: 0x106e22ee0> that is already being presented by <UIKeyboardHiddenViewController_Autofill: 0x106e25a10>.' IOS16(not sure other OS version could reproduce this or not) click on textfield, then keyboard shows(with a key button above), click key button, it crashes randomly.

Hi, When attempting to perform a credential registration, I constantly get the error Application with identifier <...> is not associated with domain <domain> I've verified the following: The file is present on the required URL path https://123.com/.well-known/apple-app-site-association { "webcredentials": { "apps": [ "<PREFIX>.bundleID" ] } } Added the Capabilities to my domain Confirmed that the CA is valid and there are no redirects. Am I missing something? My device is able to properly access the file