Post not yet marked as solved
I can test with some difficulty using sandbox test accounts, but I want to be absolutely sure that a real purchase works before putting my app in the App Store.Has anyone done this?
I have written a CTK plugin for iOS and Safari can now authenticate with web sites that require client authentication (certificaterequest/certificateverity). However, a WKWebView in my own app never accesses my CTK plugin for authentication.
I need WKWebView TLS to be able to use my CTK just like Safari does. Is there a solution for this?
Xcode 12 doesn't have a template for adding a CryptoTokenKit extension. When I work around this and add my own based off of MacOS I can get my project to build but when I try to run the app on iOS 14, Xcode says Unable to install "***"
The console log for iOS says this (may not be related):
trustd[158]/1#8 LF=0 copyparentcertificates Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither application-identifier nor keychain-access-groups entitlements" UserInfo={NSDescription=Client has neither application-identifier nor keychain-access-groups entitlements}
I have Xcode signing my extension and adding as Embed without signing under Frameworks...
Is there a profile or some way to turn on CryptoTokenKit logging? There are directions for MacOS but not for iOS.
Will it be possible for a CryptoTokenKit extension to open an external accessory on iPhone/iPad (eg: smart card reader)?
If so, do I configure the accessory information in the extension bundle or the main app bundle?
Post not yet marked as solved
Will it be possible on iOS to restrict what apps can see the token in the keychain? Will there be a way to do this from the embedding app or with a device manager?
Post not yet marked as solved
I am attempting to return a javascript promise from an Obj-c class, but the promise returned in the script always appears undefined. Is valueWithNewPromiseInContext supported in UIWebView or only in WKWebView?My class has a JSExport protocol:@protocol TestMe <JSExport>- (void)test:(JSValue*)testID;@end@interface TestMe : NSObject <WebAuthN>+ (void)installInContext:(JSContext*)context;- (JSValue*)test:(JSValue*)testID;@endMy test method:- (JSValue *)test:(JSValue*)testID { if (@available(iOS 13.0, *)) { return [JSValue valueWithNewPromiseInContext:_jsContext fromExecutor:^(JSValue *fulfill, JSValue *reject) { LogDebug("PKWebAuthN newPromise fulfill(%@) reject(%@)\n", fulfill, reject); // test fulfill dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(3 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ JSValue *v = [JSValue valueWithObject:@"success" inContext:self->_jsContext]; [fulfill callWithArguments:@[v]]; }); }]; } else { _jsContext.exception = [JSValue valueWithNewErrorFromMessage:@"webauthn not supported by this iOS version" inContext:_jsContext]; return [JSValue valueWithUndefinedInContext:_jsContext]; }}I successfully get my TestMe object added to the javascript JSContext (my test: method does get called from javascript)In my web page javascript, I create the object: function testme(testNumber) { var testit = new TestMe(); let testpromise = testit.test(testNumber); document.getElementById("testit").innerHTML = "testpromise: " + testpromise; console.log("testpromise: " + testpromise);// testpromise is always undefined here!!! try { testpromise.then( function fulfilled(arg){ document.getElementById("testit").innerHTML = "fulfilled: " + arg; console.log("fulfilled: " + arg); webauthn = nil; }, function rejected(err) { document.getElementById("testit").innerHTML = "rejected: " + arg; console.log("rejected: " + err); webauthn = nil; } ); } catch(err) { console.log("caught error from testpromise: " + err); webauthn = nil; } }Where I call testit.test, the value testpromise is always undefined instead of being the promise returned from my ObjC class.My web view is UIWebView and not WKWebView
Post not yet marked as solved
The tester is an external tester.Can the invitation email be used on two devices, say an iPhone and iPad?Is there a restriction as to how many devices a tester can use?
pwn.