Passkey AutoFill - How to get AttestationObject?

We are trying to support Passkey Management in our app with the latest iOS 17 Passkey Autofill.

During this process, we have a few doubts and queries:

  1. First, we have configured the AutoFill extension for external passkey management.
  2. Next, we used the 'prepareInterface(forPasskeyRegistration:' delegate for passkey generation.
  3. We are facing an issue creating the attestationObject for ‘ASPasskeyRegistrationCredential’. Here, we’re not sure whether we need to create the attestationObject ourselves [if so, any documentation or help regarding this] or whether there is an API to get the attestationObject that we are missing.

```swift
override func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) {

    let request = registrationRequest as! ASPasskeyCredentialRequest

    let passkeyRegistration = ASPasskeyRegistrationCredential(
        relyingParty: request.credentialIdentity.serviceIdentifier.identifier,
        clientDataHash: request.clientDataHash,
        credentialID: Data(UUID().uuidString.utf8),
        attestationObject: "????")

    extensionContext.completeRegistrationRequest(using: passkeyRegistration)
}
```

  4. We have even tried passing a hardcoded attestationObject [we used the existing attestationObject received using iCloud Keychain]; still we got an empty ‘ClientDataJSON’ in the ‘authorizationController(controller:’ delegate.

Answered by Systems Engineer in 763828022

Generating a proper attestation object is a significant portion of the work that goes in to building a passkey manager. This object is defined in the WebAuthn spec itself, not by Apple. See my previous answer to a similar question for more details :)
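
The layout the answer refers to, as an added example (not Apple's code and not from the posts here): a WebAuthn attestation object with `fmt` "none", wrapping authenticator data for a P-256 credential key. The helper names, the `AuthFlags` type, and the choice of ES256 with "none" attestation are assumptions for illustration; the AAGUID is whatever 16-byte value the provider uses.

```swift
import CryptoKit
import Foundation

// Authenticator data flag bits as defined in the WebAuthn spec.
struct AuthFlags: OptionSet {
    let rawValue: UInt8
    static let userPresent    = AuthFlags(rawValue: 0x01) // UP
    static let userVerified   = AuthFlags(rawValue: 0x04) // UV
    static let backupEligible = AuthFlags(rawValue: 0x08) // BE
    static let backupState    = AuthFlags(rawValue: 0x10) // BS
    static let attestedData   = AuthFlags(rawValue: 0x40) // AT
}

// CBOR item head: major type 2 = byte string, major type 3 = text string.
func cborHead(_ major: UInt8, _ n: Int) -> Data {
    precondition(n >= 0 && n < 65_536)
    if n < 24 { return Data([major << 5 | UInt8(n)]) }
    if n < 256 { return Data([major << 5 | 24, UInt8(n)]) }
    return Data([major << 5 | 25, UInt8(n >> 8), UInt8(n & 0xFF)])
}
func cborBytes(_ d: Data) -> Data { cborHead(2, d.count) + d }
func cborText(_ s: String) -> Data { cborHead(3, s.utf8.count) + Data(s.utf8) }

// COSE_Key: {1: 2 (EC2), 3: -7 (ES256), -1: 1 (P-256), -2: x, -3: y}
func coseKey(_ key: P256.Signing.PublicKey) -> Data {
    let xy = key.rawRepresentation // 64 bytes: X || Y
    return Data([0xA5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21])
        + cborBytes(xy.prefix(32)) + Data([0x22]) + cborBytes(xy.suffix(32))
}

func makeAttestationObject(rpID: String, credentialID: Data, aaguid: Data,
                           publicKey: P256.Signing.PublicKey, flags: AuthFlags) -> Data {
    precondition(aaguid.count == 16 && credentialID.count <= 1023)
    let idLen = credentialID.count
    var authData = Data(SHA256.hash(data: Data(rpID.utf8)))   // rpIdHash (32 bytes)
    authData.append(flags.union(.attestedData).rawValue)      // flags, AT always set here
    authData.append(contentsOf: [0, 0, 0, 0])                 // signCount = 0, big-endian
    authData.append(aaguid)                                   // attested credential data starts
    authData.append(contentsOf: [UInt8(idLen >> 8), UInt8(idLen & 0xFF)])
    authData.append(credentialID)
    authData.append(coseKey(publicKey))
    // CBOR map: {"fmt": "none", "attStmt": {}, "authData": <bytes>}
    return Data([0xA3]) + cborText("fmt") + cborText("none")
        + cborText("attStmt") + Data([0xA0])
        + cborText("authData") + cborBytes(authData)
}
```

The returned `Data` is the kind of value the `attestationObject:` parameter in the question's code expects; the private key matching `publicKey` has to be stored by the provider so it can sign later assertions.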

@Apple Designer Is it correct that right now, when any passkey provider prepares the passkey registration ceremony response with attestation, iOS strips off the attestation before handing over the response-assertion to the client?

Does this stripping off of attestation have anything to do with the BS and BE flags that are populated by the passkey provider? Meaning, is it a correct statement that iOS removes the attestation blob from the response if the BE and BS flags are set to zero?
