Reset passkeys

Privacy & Security General
rprisram123 OP
Created Mar ’23
Replies 2
Boosts 0
Views 1.4k
Participants 3

Hi, I referred to the documentation for reset passkeys - https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_passkeys#4047465 , this method createCredentialRegistrationRequest seems to be an instance of ASAuthorizationSecurityKeyPublicKeyCredentialRegistration and returns a registration request of the the type ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest, is this correct? When i tried to integrate the same, it gave "No algorithms specified for ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest" from iOS. So, i tried replacing the registration request with ASAuthorizationPlatformPublicKeyCredentialProvider with same params as expected for createCredentialRegistrationRequest with challenge, username and userId, but it ended up creating one more passkey which I could see in settings.

  • It created new passkey though I expected this to replace existing. is this expected?
  • Also, will this registration request expected to replace ALL passkeys created for this user for this domain or just 1 passkeys matching the user and domain?

Please let me know if I missed out anything. Thanks for your help

Replies  2
Boosts  0
Views  1.4k
Participants  3
Systems Engineer OP
Apple
Mar ’23
  • ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest is meant to register new credentials on hardware security keys.
  • ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest is meant register new passkeys.

Security key registrations always require you to specify credentialParameters, which means setting the list of supported algorithms. This is because not all security keys support all algorithms, so you need to make sure the hardware key supports something that you also support. Passkeys only support a single algorithm, so this isn't necessary.

For both passkeys and security keys, registering a new credential with a userID and domain that matches an existing credential will overwrite the existing credential. However, this is only true within the same type of credential. Registering a passkey will never overwrite a credential on a security key or vice versa, because these are different types.

When a replacement happens, exactly one credential will be replaced: the one with the matching userID and domain. Other credentials, including for the same domain, will not be affected.

0
Xiaoshouzi OP
Jun ’23

Hi Garrett, Can you confirm the API (securityKey) provided in the Change or reset a passkey section is wrong? This gives the impression that developers can update displayName of a passkey.

0
Reset passkeys
First post date Last post date
 
 
Q