~5% of our users when downloading the iOS application from the Apple Store for the first time are unable to enrol a Passkey and experience an error saying the application is not associated with [DOMAIN].
The error message thrown by the iOS credentials API is "The operation couldn't be completed. Application with identifier [APPID] is not associated with domain [DOMAIN]"
We have raised this via the developer support portal with case id: 102315543678
Question: Why does the AASA file fail to fetch on app install and is there anything that can be done to force the app to fetch the file?
Can this bug be looked at urgently as it is impacting security critical functionality?
Other Debugging Observations We have confirmed that our AASA file is correctly formatted and hosted on the Apple CDN. Under normal circumstances the association is created on install and Passkey enrolment works as intended.
We have observed that when customers uninstall/reinstall the app this often, but not always, resolves the issue. We also know this issue can resolve itself overtime without any intervention.
We have ruled out network (e.g VPN) issues and have reproduced the issue across a number of different network configurations.
We have ruled out the Keychain provider and have reproduced it across a variety of different providers and combinations of.
We observed this across multiple versions of the iOS operating system and iPhone hardware including the latest hardware and iOS version.
This should be significantly better starting in iOS 18 beta 4. This specific issue only affects sign-in attempts that happen immediately after install, before the AASA file has been verified. In general the AASA file is verified within seconds, but of course it's affected by many factors.
Starting in beta 4, the system will detect this state and provide extra time for AASA verification. If it still hasn't been verified in that time, a new error message will be returned indicating that the request can be retried shortly. If you're still seeing this new error frequently in beta 4 or later, please file new feedbacks as the logs will be very helpful :)
