Device unable to download the AASA file when using a domain name with special characters

Hello, I have a fully functional WebAuthn relying party that uses passkeys and I am trying to implement an iOS SDK for it. On the server, the AASA file is valid and well served at /.well-known/assetlinks.json. I verified its validity with branch.io and that it is indeed cached by Apple's CDN (https://app-site-association.cdn-apple.com/a/v1/service.domain.com), but even with all these I still get the following error when installing the app on a device and starting the passkey ceremony:

Passkey authorization failed. Error: The operation couldn’t be completed. Application with identifier TEAM.com.APP is not associated with domain service.domain.com

So I then checked the system log when installing the app on my iPhone, and under the swcd process (which is apparently responsible for fetching the AASA file) I found the following error:

 swcd: Domain is invalid. Will not attempt a download.

The issue that I have is that my domain is actually an IDN, it has a special character in it. But everywhere I have used it, I converted it to ASCII (punycode). With this conversion, Apple's CDN is able to fetch the AASA file, and the passkey ceremony works fine on a browser.

So I don't understand how the device (both iPhone and Mac) finds this domain to be invalid? In the app's entitlements, I added the capability for an associated domain, with webcredentials:service.domain.com with the domain name converted to ASCII (punycode), and developer mode doesn't address this issue as it appears when the app is installed (and is not related to Apple's CDN).

The last thing I tried was to add the domain with special characters in the app's entitlements (for webcredentials:) but then Xcode was unable to install the app on the device, and gave the following error:

Failed to verify code signature (A valid provisioning profile for this executable was not found.)

which happened only with a special character in the domain in the app's entitlements.

All this leaves me kind of in a dead end. I understand Xcode or iOS/macOS has a hard time with IDNs and special characters (so do I), but I have no idea how to solve this (without changing the domain name), so I would really appreciate any help. Thanks in advance.

PS: I tested all this previously with another domain without special characters and it was working. It also had dashes ('-') in it and the new domain converted to ASCII is basically a regular domain with '-' in it so I suppose there is some kind of conversion made from ASCII back to special characters and that then, the domain is considered as invalid, but this doesn't really help me a lot...

PS2: My devices are running on iOS 17.4.1 and macOS 14.4.1 with Xcode 15.2

Thanks for the post. It seems like you are using passkeys in your solution with AASA files; please read this thread about the current issue with your solution: https://forums.developer.apple.com/forums/thread/756740?answerId=790908022#790908022

Have you tested it with the recommended iOS version from the post above?

I'm looking forward to hearing back from you, particularly regarding passkeys, and seeing the AASA file links. Your patience is appreciated!

Thanks.

Hello, following this thread, I tried again on iOS 18 Beta 7 and the issue is still the same; when looking at the system process swcd, I get the following error: "Domain ac….de….com is invalid. Will not attempt a download". When building the same app with a domain without any special character, the swcd process executes successfully and the device is able to download the AASA file.

Thanks for your reply. iOS 18 is still in beta, so this should have worked. Would you mind filing a bug report?

Don't forget to include the sysdiagnose from the device. Once you open the bug report, please post the FB number here for my reference.

If you have any questions about filing a bug report, take a look at Bug Reporting: How and Why?

Just posted a bug report with the following number: FB14980438
