ASCredentialIdentityStore.removeCredentialIdentities does NOT remove the credential as expected

Question

Created Sep ’23

Replies 7

Boosts 1

Views 1.2k

Participants 3

what could be the reason that we after saving and deleting the same list of [ASPasskeyCredentialIdentity], the credential still show up in the OS UI (quick type bar or when tapping the password key icon on top of the keyboard).

does that mean the remove operation fail? but our log indicate that the removeCredentialIdentities completion closure succeed without error.

and for the ASPasskeyCredentialIdentity initialization, we fill in the parameters from the same object, so we believe the id parameter shall be the same (which identify the same ASPasskeyCredentialIdentity to be saved and removed)

what could be the reason that it is still showing up in the OS UI? is this a know issue?

Boost

Answer 1

zhisliu OP

Sep ’23

I have even compared the relyingPartyIdentifier, userName, credentialID, userHandle and recordIdentifier at add time vs remove time, string by string and byte by byte, they look exactly the same yet somehow the removeCredentialIdentities still could not delete the right passkey from the storage. wonder if this is a bug of ASCredentialIdentityStore

1

Answer 2

zhisliu OP

Sep ’23

below is the code I used to remove the passkey. the log indicate the "Delete result: true, error: nil". and the ASPasskeyCredentialIdentity initialization parameters are exactly the same as those I used at passkey add time (validated through Xcode debugger). yet the passkey can still been seen in the store (shown in quickType Bar as one of the credential option)

        let removePasskey = ASPasskeyCredentialIdentity(relyingPartyIdentifier: passkey.rpId,
                                                        userName: passkey.username,
                                                        credentialID: passkey.keyId,
                                                        userHandle: passkey.userHandle,
                                                        recordIdentifier: passkey.coreDataId)
        
        let store = ASCredentialIdentityStore.shared
        store.getState { state in
            if state.isEnabled {
                ASCredentialIdentityStore.shared.removeCredentialIdentities([removePasskey]) {
                    success, error in
                    print("Delete result: \(success), error: \(error)")
                }
            }
        }

1

Answer 3

zhisliu OP

Sep ’23

in our latest testing, we found that the ASCredentialIdentityStore.shared.removeCredentialIdentities API works as expected for ASPasswordCredentialIdentity, but fail to remove ASPasskeyCredentialIdentity. and we make sure to use the same set of passkey initialization parameters during testing, so the it cannot be passkey identification issue.

The ASCredentialIdentityStore.shared.removeCredentialIdentities must have some bug when removing ASPasskeyCredentialIdentity. could you take a look into this please? or is there any other way that I can draw Apple's attention to fix this?

1

Answer 4

Jafar96 OP

Sep ’23

I have the same issue.

0

Answer 5

Jafar96 OP

Sep ’23

For me, it works when call it from the extension but not when called from the host app.

0

Answer 6

Systems Engineer OP

Apple

Sep ’23

This is a known issue in 17.0.

0

Answer 7

Systems Engineer OP

Apple

Oct ’23

This should be fixed in iOS 17.1 beta 2.

0