Post not yet marked as solved
We have been searching for almost one year for answers as to why wkWebView using an Entitled Domain will allow Autofill with KeyChain to fill credentials, but will not trigger Autofill to store/save them. In other words, if users have previously stored credentials in Safari while visiting domain X, subsequent visited to wkWebView with entitled domain X will allow use of those credentials in wkWebView through the Autofill/Keychain dialogue. However, users cannot save/store credentials within wkWebView in Trusted domain X because the save dialogue is never triggered.
Post not yet marked as solved
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Application tried to present modally a view controller <_SFAppAutoFillPasswordViewController: 0x106e22ee0> that is already being presented by <UIKeyboardHiddenViewController_Autofill: 0x106e25a10>.'
IOS16(not sure other OS version could reproduce this or not) click on textfield, then keyboard shows(with a key button above), click key button, it crashes randomly.
Post not yet marked as solved
Hi, we are facing on a strange behaviour since iOS 16.
In a registration view, we have two text field to insert password (password textfield and confirm password text field).
Suggest strong password is abilitate (from iCloud... password & keychain).
When user tap on password text field, can choose between strong password or text custom password. If user choose custom password, can text his own password as usually. But when he tap the second text field (confirm password) Apple fill in automatic both text field, cleaning the first text field...
So user entry in a loop where he text password and when go next, previous textfield be cleaned and both text field filled with a new suggestion.
Searching on the web we don't find any solution to it. Also because we try just to set text fields as .password or .newPassword. But this behaviour is always the same.
Maybe is it a bug of iOS 16?
How we can allow user to chose a custom password if the system fill always in automatic the password text fields, every time he tap on them?
When using password autofill on Safari 16.4 (Ventura 13.3 on M1 Mac), and a third party password manager, when the proposed credential is selected an exception dialog appears.
This is new behaviour since the 16.4/13.3 update.
Touch id may be on or off - same result.
Traceback from exception:
Exception Name: NSInvalidArgumentException
Description: -[WBSCredentialIdentityMatch autoFillPasskey]: unrecognized selector sent to instance 0x600003bd3f00
User Info: (null)
0 CoreFoundation 0x000000018928719c __exceptionPreprocess + 176
1 libobjc.A.dylib 0x0000000188da64d4 objc_exception_throw + 60
2 CoreFoundation 0x000000018932e178 -[NSObject(NSObject) __retain_OA] + 0
3 CoreFoundation 0x00000001891ef150 ___forwarding___ + 1600
4 CoreFoundation 0x00000001891eea50 _CF_forwarding_prep_0 + 96
5 Safari 0x00000001b3ffc7b4 -[FormAutoFillCompletionControllerObjCAdapter shouldShowAuthenticationSheetForCompletionListItem:] + 136
6 Safari 0x00000001b3ffa770 -[FormAutoFillCompletionControllerObjCAdapter performActionForListItem:result:shouldAbortCompletion:] + 44
7 Safari 0x00000001b3ff04e8 _ZN6Safari32FormAutoFillCompletionController29performSelectedListItemActionERNS_33FormAutoFillCompletionShouldAbortE + 84
8 Safari 0x00000001b3ffb844 -[FormAutoFillCompletionControllerObjCAdapter menuTableView:mouseUpInRow:] + 56
9 Safari 0x00000001b3f0dbe0 -[MenuTableView mouseDown:] + 312
10 AppKit 0x000000018c5ce474 -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 3476
11 AppKit 0x000000018c5590dc -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 364
12 AppKit 0x000000018c558d9c -[NSWindow(NSEventRouting) sendEvent:] + 284
13 AppKit 0x000000018c5580e0 -[NSApplication(NSEvent) sendEvent:] + 1556
14 Safari 0x00000001b3dc6f64 -[BrowserApplication sendEvent:] + 496
15 AppKit 0x000000018c7a80f0 -[NSApplication _handleEvent:] + 60
16 AppKit 0x000000018c41f57c -[NSApplication run] + 500
17 AppKit 0x000000018c3f69a8 NSApplicationMain + 880
18 Safari 0x00000001b412daa8 SafariMain + 408
19 dyld 0x0000000188dd7f28 start + 2236
Post not yet marked as solved
Hi guys,
I am trying to get webcredentials for associated domains to work on a standalone watchOS-app that I am working on.
The AASA-file is hosted correctly, and the keychain autofill works fine on the iOS-app within the same workspace using the same associated domain.
The setup on the watchOS-app is close to identical to the iOS-app. The textContentType-modifiers are correctly added onto the textfields. Within the watchOS-app, the textfields allow me to browse my keychain but it doesn't filter the credentials linked to my associated domain.
The developer docs say:
For watchOS apps, you must add the Associated Domains capability to the WatchKit Extension target.
I assume that this doesn't apply to standalone watchOS-apps that do not have the WatchKit Extension.
Has anyone encountered this issue? Appreciate any ideas.
Post not yet marked as solved
As per apple documentation we are setting textContentType with "" in order to disable password auto fill view option on keyboards which is working fine in all iOS versions below 17 beta.
Seems like it broke & password auto fill view option appearing on keyboards for iOS 17 beta versions even on setting textContentType with "" & inputAccessoryView as nil
self.username.textContentType = @"";
self.password.textContentType = @"";
Post not yet marked as solved
what could be the reason that we after saving and deleting the same list of [ASPasskeyCredentialIdentity], the credential still show up in the OS UI (quick type bar or when tapping the password key icon on top of the keyboard).
does that mean the remove operation fail? but our log indicate that the removeCredentialIdentities completion closure succeed without error.
and for the ASPasskeyCredentialIdentity initialization, we fill in the parameters from the same object, so we believe the id parameter shall be the same (which identify the same ASPasskeyCredentialIdentity to be saved and removed)
what could be the reason that it is still showing up in the OS UI? is this a know issue?
Post not yet marked as solved
As announced for iOS 17 and macOS Sonoma, “One-time verification codes you receive in Mail are filled in automatically, so you can log in without leaving Safari.”
Is there any documentation about this? Maybe for a specific keyword that must be in the HTML email body? I tried it on my website with a verification code sent by email and it didn't work.
Post not yet marked as solved
Hi,
Does anyone know how to see or configure the period during which Safari honors biometric confirmation for autofill?
I've looked at the settings in bioutil but they don't align to what I'm seeing.
I frequently have to use my password to autocomplete Safari autofill for logins/passwords. If I use it in the morning, I'll have to go back to using the password once again by afternoon.
bash-3.2# bioutil -r -s
System Touch ID configuration:
Touch ID functionality: 1
Touch ID for unlock: 1
Touch ID timeout (in seconds): 172800
Operation performed successfully.
bash-3.2# bioutil -r
User Touch ID configuration:
Touch ID for unlock: 1
Touch ID for ApplePay: 1
Effective Touch ID for unlock: 1
Effective Touch ID for ApplePay: 1
Operation performed successfully.
Post not yet marked as solved
Any extension views called from ASCredentialProviderViewController -> open func prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest) cannot be rotated (to landscape). Is it a known issue or I am missing anything? Please suggest. Thanks!
Post not yet marked as solved
My team and I manage 12 mobile applications and these are white-label applications. The company offers a web app equivalent to the mobile app, and we only have one client with a website and a mobile app right now.
The web app version of the app is hosted as a subdomain of the company's website, like app1.company.com and the plan for the other apps is to continue to host them as subdomains of the company's domain, like this: app2.company.com, app3.company.com, etc.
We would like to add the iOS Autofill feature for all apps so users can save their login credentials in their Keychain. Users can download more than 1 app, there is no restriction on that, and the user can have different login credentials for each application.
Can the domain have multiple Apple App Site Association files for each app subdomain?
Post not yet marked as solved
When using password autofill on Safari 17.1 (Sonoma 14.1 on M1 Mac), and a third party password manager, the quicktype bar doesn't appear.
However on an Intel Mac with the same version of Sonoma and same Autofill configuration, it works as seen on Ventura.
Feedback assistant report has been submitted (FB13333122).
Post not yet marked as solved
I've implemented Password AutoFill for our webpage. It's working fine in safari browser and SFSafariViewController
Safari browser
Same way, in our mobile app, we are using a web-based login page. For the login, we are using WKWebView, but in WKWebView the popup is not showing, instead, it’s showing the normal keyboard.
WKWebView - App
Already configured Associated Domains under Capability.
webcredentials:prod.auth.TestDomain.org
Post not yet marked as solved
Hi,
we want to implement passkey in our password manager, but we can not find documentation how to create passkey and save in our database? Can some one help?
Post not yet marked as solved
After upgrading iOS from 17 to 17.1, the list of passkeys registered to the ASCredentialIdentityStore is not displayed in the Safari QuickType bar. (Google Chrome browser is ok)
Post not yet marked as solved
I developed an app that implements autofill extension with ASCredentialProviderViewController to provide passkeys.
while it works smoothly on internal connections (e.g. register to webauthn.io on the same device where my app is installed), it fails when i'm scanning QR code on another device.
I suspect it's a problem with the flags of the passkey attestation object as the only difference between the 2 requests (internal and hybrid) I've found is that the userVerificationPreference is changed from preferred (internal) to required (hybrid).
i sent those flags (both on hybrid and internal connection):
binary rep: 01011101
decimal rep: 93
is anyone has a clue what goes wrong?
Hi all, I'm trying to create a passkey provider application and I can consistently register a passkey through
'prepareInterface(forPasskeyRegistration registrationRequest: ASCredentialRequest)' everywhere that accepts passkeys.
However, when I attempt to then use that passkey to sign in with 'provideCredentialWithoutUserInteraction(for credentialRequest: ASCredentialRequest)'
My code will work on some sites.. and not others.
For instance: https://passkey.org/ and https://webauthn.io/ both work flawlessly.
But if I then try to do the same with Github, Uber, or Coinbase (really any application "in the wild") the assertion portion fails with a generic error like "This passkey can't be used anymore."
I've debugged every request and response object line by line and can't find a single difference between a site that works, and one that doesn't.. Does anyone know why this could be the case?
Here's my assertion code:
guard let request: ASPasskeyCredentialRequest = credentialRequest as? ASPasskeyCredentialRequest else { return }
// Following specs from here: https://www.w3.org/TR/webauthn/#sctn-signature-attestation-types
let hashedRp: [UInt8] = Array(SHA256.hash(data: Data(request.credentialIdentity.serviceIdentifier.identifier.data(using: .utf8) ?? Data([]))))
let flags:[UInt8] = [29] // 00011101 - only one that seems to work
let counter:[UInt8] = [0, 0, 0, 1] // just for testing, always the first for now until this works
let authData = hashedRp + flags + counter
let signature = try privateKey.signature( for: Data(authData + request.clientDataHash) )
let response: ASPasskeyAssertionCredential = ASPasskeyAssertionCredential(
userHandle: Data(request.credentialIdentity.user.utf8),
relyingParty: request.credentialIdentity.serviceIdentifier.identifier,
signature: signature.derRepresentation,
clientDataHash: request.clientDataHash,
authenticatorData: Data(authData),
credentialID: Data(credentialId.utf8)
)
extensionContext.completeAssertionRequest(using: response)
Any help would be very appreciated as I've been stuck on this for a while now.
I'm developing an iOS app that contains a Credential Provider Extension, and I want it to support passkeys. I've set the ProvidesPasskeys key to YES in the Info.plist of the extension, and in the CredentialProviderViewController I've implemented:
func prepareCredentialList(
for serviceIdentifiers: [ASCredentialServiceIdentifier]
)
func provideCredentialWithoutUserInteraction(
for credentialRequest: ASCredentialRequest
)
func prepareInterfaceToProvideCredential(
for credentialRequest: ASCredentialRequest
)
func prepareInterface(
forPasskeyRegistration registrationRequest: ASCredentialRequest
)
Standard password autofill suggestions that I have added to the system store are presented to me when I arrive to the corresponding login page, and the autofill flow succeeds via my extension. When I attempt to create a new passkey on my iPhone, whether it be in Safari on a website that supports passkeys (e.g. google.com) or within a native app that supports the creation of passkeys (e.g. PayPal), I am not given the option to create a passkey using my extension. The only option that is provided to me is the builtin Keychain option. On the "Settings->Passwords->Password Options" page I have "AutoFill Passwords and Passkeys" switch on and in the section titled "USE PASSWORDS AND PASSKEYS FROM:". I have selected both my app and "iCloud Passwords & Keychain". If I uncheck "iCloud Passwords & Keychain" and then attempt to create a passkey then I am shown a system sheet which tells me to go to the settings page to "choose how to manage passkeys".
Any ideas on how to troubleshoot this situation?
Thanks very much!
-Jeremy
Post not yet marked as solved
I am developing a Mac app which provides a Credential Provider extension and I'm having trouble with passkey integration. I wrote here about the issue I'm having with the iOS app. On the Mac I'm experiencing a different issue. As opposed to the iOS app (where I'm not even able to use my extension to create a new passkey in the first place) on the Mac I'm able to use my extension to create a passkey. I save the credential identity into the system AutoFill suggestions store without error. The problem is that when I attempt to authenticate on the same site the system does not offer my app's credential as a suggestion. Standard passwords are working fine. Can anyone help me understand how I can troubleshoot this type of problem?
Thanks!
-Jeremy
Post not yet marked as solved
Garritt,
Kudos for leadership on making Apple PassKeys a reality.
would like to consult with Apple security/privacy/authentication teams about new anon/auth tools for web security and device logins generally. concepts are shared in uspto pending patent app 17/572336, for which notice of allowance has issued.
thanks,
timo
founder and seo
PoKos Communications Corp.
603.491.9792 (m)
