On simulator, everything works fine. But when I run on an iOS beta 3 device, the UI simply doesn't change. I just see the one button stay there. Logs show the below upon every click. I know there's the expected System UI with "Hold here to present" based on the simulator, but I can't see it on a real device. Is there some Terms & Conditions thing I should expect, maybe? Please advise. Thanks. . . . [for reference, the below are the error logs in Xcode] An error occurred while reading a mobile document: The operation couldn’t be completed. (ProximityReader.MobileDocumentReaderError error 6.) serviceUnavailable Could not create identity session due to: [ Error Domain=ProximityReader.IdentityReaderErrorInternal Code=15 UserInfo={NSDebugDescription=, code=} ]

Hi, I am using DOTNET-Passbook library to generate apple wallet pass, it was successfully generated and saved. Now when I am updating the pass using push notification. Push notification not showing on phone. I have followed the wallet protocol for API creation following this Article https://developer.apple.com/library/archive/documentation/PassKit/Reference/PassKit_WebService/WebService.html after the API implementation, I am successfully getting device token and push token from API and I am using Pass Type ID certificate to update pass and sending notification on push token received from API. Following this article for configuration: https://medium.com/@yangzhoupostbox/part-2-push-notification-for-updating-apple-pass-in-asp-net-6020768d112

I have a team on my company looking to develop a let say "link" to distribute between some sale employes to "automatically" create a Business Card inside Apple Wallet. The idea is that "link" will have all the public employe information and the look&feel of the card. They are following this page: https://github.com/alexandercerutti/passkit-generator/wiki/Generating-Certificates So they are asking us those certificates: Signer Certificate (Developer) Signer Certificate Key (Developer) WWDR (Apple WorldWide Developer Relations) G4 Certificate Can someone explain me if giving those certificates to the develpers could have some security risk? Or what else they can do having those certificates? Thanks!

I am working on a project where it needs to implement wallet extension to add cards from Apple wallet. I am stuck in the flow where app is not getting displayed in wallet while trying to add. Any sample implementation available? Any help would be much appreciated

I am working on a banking application (includes iPhone and iPad) which includes add to wallet feature. During the implementation I saw one document it is mentioned that for iPad app, the app must be extended to support Apple pay functionality. Details from document says "Card Issuers with an iOS mobile banking app must support Card Issuer iOS Wallet extension functionality to enable Card issuer mobile app customers to provision new cards directly from the iOS Wallet app with all eligible Apple iOS devices. If the Card Issuer has a dedicated iPad App, that App must be extended to support Apple Pay functionality. " Is wallet extension implementation required for Apple pay to work in iPhone and iPad? Is wallet extension a mandatory implementation for Add to Apple Wallet feature to work and approved by Apple? I am little confused in this. Anyone who integrated Apple pay or done add to Apple Wallet feature recently without wallet extension faced any rejection? Any help would be much appreciated.

I am attempting to implement the Tap to Present ID (Data Request) feature and am wondering if the Data Request will succeed without a reader token. From the wording in the WWDC video (31:50 in WWDC2023-10114 video), it sounds the reader token is necessary, but the example is building off of the previous MobileDriversLicenseDisplayRequest example where the the reader token was used only for the branding to be displayed. In my app running on Simulator, I'm able to get the placeholder data to return from a MobileDriversLicenseDataRequest without using a reader token. Since I'm unable to test this on physical device (I don't live in a state that has Mobile ID's), I'm hoping an Apple engineer can comment on if the reader token is required strictly for the branding to be presented, and not for the Data Request itself to succeed. Thank you.

Hello everyone, I am trying to figure out the difference between the AddPassToWalletButton and the PKAddPassButton. When I read through the Apple Wallet documentation, it always mentions using the PKAddPassButton. Now I'm using SwiftUI, which the PKAddPassButton isn't compatible with. During my research I came across the AddPassToWalletButton (https://developer.apple.com/documentation/passkit/addpasstowalletbutton) and wanted to know whether it is the equivalent of PKAddPassButton (for SwiftUI) and whether it can be used in accordance with the apple developer guidelines (https://developer.apple.com/wallet/add-to-apple-wallet-guidelines/). It got me wondering since the guidelines only refer to the PKAddPassButton. Thanks for your help.

Hi everyone, Can anyone tell me is any charge for using the apple wallet generic pass? Is only pay for the development account only? anything else?

So creating a IOS-DEVELOPMENT certificate is pretty straight forward... and I suspect some of the other types as well ... but when I try to create a PASS_TYPE_ID certificate it fails with some response messages... "STATUS" : "404" "code" : "NOT_FOUND" "title" : "The specified resource does not exist" "detail" : "There is no identifier with ID 'null' on this team" So it would appear it's expecting more attributes to be set in the payload that are specific to creating that type of certificate. Which of course makes sense. There has to be a way of assigning it to a Pass Type ID that you have created. (It would be nice if the API could at least list existing Pass IDs, or even create them - but I've not seen how yet). But for the life of me I can't find or figure out the syntax for this. Anyone have any luck?

Hey everyone, I hope you're all doing well. I'm currently deep into the implementation of the AddPaymentPassView feature for my app. However, I've hit a roadblock concerning the verification of signatures for both the nonce and nonceSignature. Here's a snapshot of what's giving me a hard time: Within the context of the AddPaymentPassView, I'm having problems when trying to verify the certificate with the nonce and nonceSignature fields. I do recognize the critical nature of this step in terms of security, but I'm finding myself uncertain about the most effective approach. For clarity's sake, here's the function I've been utilizing to carry out signature verification in Swift: func verifySignature(certificateRaw:Data, nonce:Data, nonceSignature:Data ) { if #available(iOS 14, *) { var error: Unmanaged<CFError>? let certificate = SecCertificateCreateWithData(nil, certificateRaw as CFData) // Create a policy for X.509 certificate validation let policy = SecPolicyCreateBasicX509() // Create a certificate trust object with the certificate and policy var trust: SecTrust? let status = SecTrustCreateWithCertificates(certificate, policy, &trust) // Perform policy checks let trustResult = SecTrustEvaluateWithError(trust!, nil) // Extract the public key from the certificate let publicKey = SecTrustCopyKey(trust!) print("PUBLIC KEY \(publicKey)") print("nonceData \(nonce)") print("nonceSignatureData \(nonceSignature)") let result = SecKeyVerifySignature(publicKey!, SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256,nonce as CFData, nonceSignature as CFData, &error) if result { print("Signature verification successful") } else { print("Signature verification failed: \(error?.takeRetainedValue() as Error?)") } } else { // Return something else here. print("NOT AVAILABLE") } } I'm invoking this function within the addPaymentPassViewController like so: func addPaymentPassViewController( _ controller: PKAddPaymentPassViewController, generateRequestWithCertificateChain certificates: [Data], nonce: Data, nonceSignature: Data, completionHandler handler: @escaping (PKAddPaymentPassRequest) -> Void) { verifySignature(certificate: certificates[0], nonce: nonce, nonceSignature: nonceSignature) However, the verification doesn't seem to be going as planned. Here's a snippet of the logs I'm getting: PUBLIC KEY Optional(<SecKeyRef curve type: kSecECCurveSecp256r1, algorithm id: 3, key type: ECPublicKey, version: 4, block size: 256 bits, y: 613361F002148F2DB831620CBBFD5D6AC711E5F4FF236D1958F0033A5A9D66FF, x: B3095C90197DECCB25B6688EA7C9F3507BEBE38F38D4E2B2CED198968956594A, addr: 0x155b6b080>) nonceData Optional(4 bytes) nonceSignatureData Optional(81 bytes) Signature verification failed: Optional(Error Domain=NSOSStatusErrorDomain Code=-67808 "EC signature verification failed (ccerr -7)" UserInfo={numberOfErrorsDeep=0, NSDescription=EC signature verification failed (ccerr -7)}) It's becoming a bit perplexing. I'm wondering if anyone else has encountered this issue and whether there might be alternative approaches or suggestions to tackle this problem. Any input, code snippets, or resources you can share would be invaluable to me right now. Thanks so much for taking the time to read this and for any assistance you might offer!

I am sure I am missing a pretty elementary step - but - I'm at a loss. I can build a certificate using KeyChain Access, upload the CSR, download the Certificate from the developer portal website and sign Apple Wallet Passes all day long. No Problem. So I thought I'd try to automate some processes with the AppStoreConnectAPI. I want to download the certificate from the app store and use it to sigh passes instead of file on the disk. So I find the right certificate from the API, and one of the token in there is a big byte stream called "certificateContent"... which I assumed would be the same binary data as what I uploaded (and whats on disc). But it doesn't work - it "fails to sign". I must be missing some step that is preventing me from being able to use that key. I have a feeling the a key or something is missing from the certificate I download from Apple's API. Any ideas?

Does anybody know if there were changes in the behavior of Apple Wallet for event tickets somewhere between ios 16.2 and now which would cause a pkpass being added to a wallet to not activate if the pkpass is "registered" to another apple id? I don't mean the pkpass is already in another wallet, rather something about the way it is read in wallet which now would make it stuck in "Your pass is being activated...". (Same pass, different ios seems to have different behavior) Also, can somebody tell me what the "activating" state means in the wallet - does that mean one of these calls failed? Or is it another step? https://developer.apple.com/library/archive/documentation/PassKit/Reference/PassKit_WebService/WebService.html#//apple_ref/doc/uid/TP40011988 Thanks!

I am trying to write some code to send a push notification to a pass on an Apple device using C# .NET and HttpClient over HTTP2 with client certificate authentication. When I run the code, I am seeing the below exception: InnerException = {"Error 12152 calling WinHttpWriteData, 'The server returned an invalid or unrecognized response'."} I am trying to find out why this code is failing? Is it possible to debug/troubleshoot this in some way? Running this code on Windows 10 OS Build version: 21H2 (19044). The application is built on .Net Framework 4.8 and tried using WinHttpHanlder versions 6 and also 7. Also, tried using other third party open source libraries like PushSharp and DotApns. PushSharp does not seem to support Http/2 and dotApns does not support certificate authentication for .net framework. We have no plans to migrate to .net Core. Below is my code: private static string pushToken = "dbc56849<hidden>"; private static string AppleApnServer = "https://api.sandbox.push.apple.com"; public static async Task<PushResult> SendPushNotificationToWalletPass(string notificationContent) { byte[] certificateData = LoadCertificate(); X509Certificate2 certificate = new X509Certificate2(certificateData, String.Empty, X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); string url = $"{AppleApnServer}:443/3/device/{pushToken}"; StringBuilder payload = new StringBuilder(); payload.Append("{ \"aps\" : "); if (string.IsNullOrWhiteSpace(notificationContent)) { payload.Append("\"\" }"); } else { payload.Append(notificationContent); payload.Append(" }"); // close aps dictionary } var handler = new Http2Handler(); handler.ClientCertificates.Add(certificate); using (var httpClient = new HttpClient(handler)) { using (var request = new HttpRequestMessage(HttpMethod.Post, url)) { var messageGuid = Guid.NewGuid().ToString(); request.Content = new StringContent(payload.ToString()); request.Headers.Add("apns-id", messageGuid); request.Headers.Add("apns-push-type", "alert"); using (var response = await httpClient.SendAsync(request, HttpCompletionOption.ResponseHeadersRead)) { HttpStatusCode statusCode = response.StatusCode; string reasonPhrase = response.ReasonPhrase; bool success = response.IsSuccessStatusCode; Console.WriteLine($"APN {(success ? "Delivered Successfully!" : $"Failed to Send! :: StatusCode [{statusCode}] Reason [{reasonPhrase}]")} :: PushToken [{pushToken}]"); if (!success) { switch (statusCode) { case HttpStatusCode.Gone: // The device token is no longer active for the topic. return PushResult.DeviceNotRegistered; default: return PushResult.Failure; } } return PushResult.Success; } } } } public enum PushResult { Success = 0, Failure = 100, DeviceNotRegistered = 200 } // Apple APNS requires http2 but .Net Framework does not support http2 (only built in support in .net core) // found this workaround https://stackoverflow.com/questions/32685151/how-to-make-the-net-httpclient-use-http-2-0/43101990#43101990 private class Http2Handler : WinHttpHandler { protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { request.Version = new Version("2.0"); return base.SendAsync(request, cancellationToken); } }

The Getting Started with Apple Pay documentation states that we should use this method to activate passes with In-App Verification. The main param is the activationData, which is generated by PNOs. The issue is that to generate the activationData, a nonce is required. How can we get the nonce on the In-App Verification context? The only way mentioned in the documentation to get the nonce is through PKAddPaymentPassViewControllerDelegate. But the PKAddPaymentPassViewController should be use only to In-App Provisioning, should not?

Hi All I have successfully created an Apple pass using PHP. The pass is added to the Apple wallet successfully. Now, I have to update the pass with a new value for one of the parameters in the pass. How do we update the value? Please refer to a sample PHP script for the same. I have checked the below sites, Here, they Mentioned only the input and output, as per the document I received the push token, What should I do after getting the push token? https://developer.apple.com/library/archive/documentation/PassKit/Reference/PassKit_WebService/WebService.html

Greetings, Question 1: I'm currently working on implementing a feature that involves tracking NFC tag reading events. Specifically, I aim to monitor these events for passes that have been added to the wallet using my application. This way, I can gain insights into the interactions users have with these passes and provide enhanced functionality based on their usage patterns. Question 2: Is there a way to implement a restriction on NFC-based passes, allowing them to be used only once for a specific action or purpose? I'm looking to ensure that once a user utilizes the NFC feature associated with a pass, the pass becomes inactive for any future interactions, thereby enforcing a one-time use scenario.

The Wallet Passes is a bundle of files with a signature, in the last step of generate a pass bundle: Sign the Pass and Create the Bundle, I do struggle from trying use Security, CryptoKit and Compression to complete it. Does Security have I method to sign data for PKCS #7 signature? And, must I use zip for a bundle, Compression does not provide a way to generate a zip. Is there a native way to use Apple Framework and Swift to complete it?

I have purchased IPhone 14 Pro Max in USA and using in India. So, I have selected my region as "India". Having India as region: It says "To add cards, keys, tickets and passes to wallet, look for the Add to wallet button in apps, emails and websites." I am not able to proceed further. Having USA as region: Now, I am not able to add any Indian Credit Cards in Apple Pay. I red through the Article from apple forums and found that I have to change the Region. I want to keep India as my region and should be able to use my indian credit cards.

I'm following this guide: https://developer.apple.com/documentation/walletpasses/distributing_and_updating_a_pass#3793284 I'm able to create the bundle.pkpasses but when it's downloaded wallet doesn't recognise it. Is there a limit to the OS version for this to work? I'm trying it out on a iOS v12

Hi All, Product information Our product create and update apple wallet passes per client. For example, client A will have a passtypeidentifier and devices which download the same will have its devicetoken[pushtoken] registered to our database. Same for other clients as well. We had been using legacy binary protocol-based approach till 2021, and we migrated http2 based APNS API implementation in the same year. But past few months, we are getting TooManyProviderTokenUpdates 429 in the production environment. No such error occurring in our lower environment with the same build. We use separate p8 cert,key and teamId per environment. *Implementation we have total of 5 clients, i.e: 5 pass type identifiers. In our current implementation , we create 5 connections per client. hence 5 oauth token[which refreshes only after 20 mins] are created. As we are sending push notifications to Apple wallet passes, we send apns-id as passtypeidentifier , no payload in the body and uses https://api.push.apple.com/3/devies/[pushtoken] endpoint for sending push notifications. So, each connection will have passtypeidentifier defined in the aps-id and device token sent in the URL. We initially suspected, multiple connection for a team identifier would be an issue. So, in our lower region[never reported this error], we tested a new build which implements 1 single connection for all the clients and one Oauth token is being used. In this approach , pass gets updated on the devices, but no notification banner displayed on the devices. So,we reverted to production build and sent notification to those same devices, we found passes updated and notification banner appeared. We are totally confused with the error message and behavior of APNS. Any suggestions or solution would be appreciated.