How to utilize each field of WebAuthn Options for implementation on iOS?

Hello, I am currently working on implementing credential registration for biometric authentication using WebAuthn in an iOS app. I am using ASAuthorizationPlatformPublicKeyCredentialProvider to create a credential registration request based on the data retrieved from the WebAuthn options endpoint.

At the moment, I am only using user.id, user.name, and challenge from the options response, and I am unsure how to utilize the other fields effectively. I would greatly appreciate advice on how to use the following fields:

**Fields I would like to use:**

  • rp (Relying Party)

I am retrieving id and name, but I am not sure how best to pass and utilize these fields. Is there an explicit way to use them?

  • authenticatorSelection

How can I set requireResidentKey and userVerification in ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest? Also, what are the specific benefits of using these fields?

  • timeout

Is there a way to reflect the timeout value in the credential registration request, and what would be the best way to handle this information in iOS?

  • attestation

The attestation field can contain values such as none or direct. How should I reflect this in the credential registration request for iOS? I would appreciate a sample implementation or guidance on the benefits of setting this field.

  • extensions

If I want to customize the authentication flow using the extensions field, how can I appropriately reflect this in iOS? For instance, how can I utilize extensions like credProps?

  • pubKeyCredParams

Regarding pubKeyCredParams, which is a list of supported public key algorithms, I am unsure how to use it to select an appropriate algorithm in iOS. How should I incorporate this information into the request?

  • excludeCredentials

I understand that setting excludeCredentials can prevent duplicate registration, but I am not sure how to use past credential information to set it effectively. Any advice on this would be appreciated.

**Current Code**

Currently, I have implemented the following code, but I am struggling to understand how to add and configure the fields mentioned above.

```swift
import AuthenticationServices

// challenge, userId and userIdData are taken from the WebAuthn options response.
let publicKeyCredentialProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(
    relyingPartyIdentifier: "www.example.com"
)

let registrationRequest = publicKeyCredentialProvider.createCredentialRegistrationRequest(
    challenge: challenge,
    name: userId,
    userID: userIdData
)

// Present the system passkey registration sheet.
let authController = ASAuthorizationController(authorizationRequests: [registrationRequest])
authController.delegate = self
authController.presentationContextProvider = self
authController.performRequests()
```

In addition to the above code, I would be grateful if anyone could advise on how to configure fields like rp, authenticatorSelection, attestation, extensions, and pubKeyCredParams as well. Furthermore, I would appreciate any insights into the benefits of setting each of these fields in iOS, and any security considerations to be aware of.

If anyone has experience with this, your guidance would be extremely helpful. Thank you very much in advance!

Answered by ryutaromilmake in 815705022

Regarding userVerification, I have now figured out how to set the userVerificationPreference field. Specifically, I used the init(rawValue:) method of ASAuthorizationPublicKeyCredentialUserVerificationPreference to set the value retrieved from the WebAuthn options userVerification.

```swift
registrationRequest.userVerificationPreference =
    ASAuthorizationPublicKeyCredentialUserVerificationPreference.init(
        rawValue: userVerification.rawValue
    )
```
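
The following is an added example, not code from the thread or from Apple: one way to decode the options response and carry rp, user, challenge, userVerification and attestation into the platform registration request. `CreationOptions`, `OptionsError`, `decodeBase64URL`, `makeRegistrationRequest` and `expectedRPID` are hypothetical names, and it assumes the server sends `challenge` and `user.id` as unpadded base64url strings.

```swift
import AuthenticationServices
import Foundation

// Hypothetical model of the subset of the WebAuthn creation options used here.
struct CreationOptions: Decodable {
    struct RP: Decodable { let id: String; let name: String }
    struct User: Decodable { let id: String; let name: String; let displayName: String? }
    struct Selection: Decodable { let userVerification: String? }
    let rp: RP
    let user: User
    let challenge: String                 // assumed unpadded base64url
    let authenticatorSelection: Selection?
    let attestation: String?
}

enum OptionsError: Error { case badBase64URL, unexpectedRelyingParty }

// Data(base64Encoded:) needs the standard alphabet and padding, so convert first.
func decodeBase64URL(_ s: String) throws -> Data {
    var b64 = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    b64 += String(repeating: "=", count: (4 - b64.count % 4) % 4)
    guard let data = Data(base64Encoded: b64) else { throw OptionsError.badBase64URL }
    return data
}

@available(iOS 15.0, macOS 12.0, *)
func makeRegistrationRequest(from json: Data, expectedRPID: String) throws
    -> ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest {
    let options = try JSONDecoder().decode(CreationOptions.self, from: json)
    // Assumption: the app pins the RP ID it was built for instead of trusting the response.
    guard options.rp.id == expectedRPID else { throw OptionsError.unexpectedRelyingParty }

    let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(
        relyingPartyIdentifier: options.rp.id)
    let request = provider.createCredentialRegistrationRequest(
        challenge: try decodeBase64URL(options.challenge),
        name: options.user.name,
        userID: try decodeBase64URL(options.user.id))
    request.displayName = options.user.displayName
    // Only pass through values defined by WebAuthn; otherwise keep the system default.
    if let uv = options.authenticatorSelection?.userVerification,
       ["required", "preferred", "discouraged"].contains(uv) {
        request.userVerificationPreference = .init(rawValue: uv)
    }
    if let att = options.attestation, ["none", "indirect", "direct", "enterprise"].contains(att) {
        request.attestationPreference = .init(rawValue: att)
    }
    return request
}
```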