Is there a way to specify the port on the server to add the AASA files to?

Hi.

I'm trying to develop a passkey app connected with a WebAuthn server.

There is a problem in the process of creating the Attestation Object.

Since I am assigned port 8445, I need to upload the /.well-known/ directory to that port.

In the WebAuthn specification, the RPID should not include the port number. (https://www.w3.org/TR/webauthn-2/#relying-party-identifier)

When initializing an ASAuthorizationPlatformPublicKeyCredentialProvider object, if I add the port number to the RPID, the passkey UI will work and the ASAuthorization object will be checked.

But I don't get authentication from the WebAuthn server because the attestation object is generated with an RPID which contains the port.

Is there any way to specify the port number to check the "well-known" directory? Or is it only possible on port 443?

I checked the post, but there is no more feedback, so I'm asking a question. (https://developer.apple.com/forums/thread/730028)


Replies

I tried removing the port number from the RPID by allowing port 443.

As a result, the origin value of clientDataJSON is changed, so authentication does not proceed.

What should I do?

This is not currently supported. The apple-app-site-association file does not support custom ports. The WebAuthn spec allows for the RPID and origin to differ (within a fixed set of rules), but because apps can be associated with different domains, we rely on the RPID to specify the effective origin of the current request (and use the site-association file to verify that that's allowed). Because of that, we don't currently allow the RPID and origin to be different.

If you have a use case where you feel this is important, please tell us about it through Feedback Assistant!
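The two failures described in this thread, reproduced with the relying-party checks a WebAuthn server runs on `clientDataJSON.origin` and on the `rpIdHash` at the start of the authenticator data. This is an added example, not code from the thread or from Apple; `example.com`, the function names, the constructed sample data and the assumption that the server expects the origin `https://example.com:8445` are all illustrative.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

def is_valid_rp_id(rp_id):
    """An RP ID is a bare domain string: no scheme, port, path or userinfo."""
    return bool(rp_id) and not any(c in rp_id for c in ":/@")

def verify_rp_binding(client_data_json, auth_data, rp_id, allowed_origins):
    """Return the list of RP-binding failures (an empty list means the checks pass)."""
    errors = []
    if not is_valid_rp_id(rp_id):
        errors.append("rpid-not-a-bare-domain")
    origin = json.loads(client_data_json).get("origin", "")
    if origin not in allowed_origins:  # exact match, port included
        errors.append("origin-mismatch")
    host = urlsplit(origin).hostname or ""
    # Simplified scope check: a full one also consults the public suffix list.
    if host != rp_id and not host.endswith("." + rp_id):
        errors.append("origin-outside-rpid-scope")
    # authenticatorData begins with rpIdHash = SHA-256(RP ID the client used).
    expected = hashlib.sha256(rp_id.encode()).digest()
    if len(auth_data) < 37 or not hmac.compare_digest(auth_data[:32], expected):
        errors.append("rpidhash-mismatch")
    return errors

def make_sample(client_rp_id, client_origin):
    """Constructed sample: clientDataJSON plus a minimal 37-byte authenticatorData."""
    cdj = json.dumps({"type": "webauthn.create", "challenge": "Y29uc3RydWN0ZWQ",
                      "origin": client_origin}).encode()
    # rpIdHash (32 bytes) + flags (1 byte) + signature counter (4 bytes)
    auth = hashlib.sha256(client_rp_id.encode()).digest() + b"\x05" + bytes(4)
    return cdj, auth

if __name__ == "__main__":
    server_origins = {"https://example.com:8445"}  # assumed server configuration
    # First post: the app put the port into the RPID, so the hash covers "example.com:8445".
    print(verify_rp_binding(*make_sample("example.com:8445", "https://example.com:8445"),
                            "example.com", server_origins))
    # Follow-up: port dropped from the RPID, so the reported origin no longer carries it.
    print(verify_rp_binding(*make_sample("example.com", "https://example.com"),
                            "example.com", server_origins))
    # RPID and origin agree, and the server allows that origin.
    print(verify_rp_binding(*make_sample("example.com", "https://example.com"),
                            "example.com", {"https://example.com"}))
```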
