f-23 / react-native-passkey

Passkeys for React Native
MIT License

Obscure error is thrown #16

Open S-Voss opened 10 months ago

S-Voss commented 10 months ago

I am working on a React Native application and am trying to support the FIDO2 auth standard. I believe I have the server side configured correctly with AWS, however, when I call Passkey.register() I keep getting a really obscure error:

Object { "error": "RequestFailed", "message": "The request failed. No Credentials were returned.", }

I am using version 2.0.0 of this library. Is there a way to tell what is causing the issue such as a way to confirm my challenge is formatted correctly? Is there a specific simulator version I need to use for testing? I'm stuck on troubleshooting next steps as all my attempts are starting to go in circles and keep leading me back to this vague error message.

f-23 commented 9 months ago

Hi @S-Voss, what OS and OS Version does this error occur on?

Check this file for an example registration request. If your challenge looks similar to the one in the example it should be formatted correctly.

S-Voss commented 9 months ago

I'm currently running Xcode 14, iOS 16.4 on an iPhone 13 Pro simulator. What version do you currently run during development? I'm also running RN 0.72.4.

S-Voss commented 9 months ago

It appears my registration request looks correct. My challenge seems slightly longer than your example but I don't think that is a concern? Thanks for the help by the way. This has been a 5 day struggle and I like the idea of biometric auth.

S-Voss commented 9 months ago

I created a new RN project using 0.70.3 as this project uses and I still get the same error message. I'm running out of things to test unfortunately so any help would be great. Could it simply just be failing to authenticate because the challenges are failing to pass? I'm not sure how to troubleshoot this further.

f-23 commented 9 months ago

In that case the error probably comes from the native ASAuthorization error code 1004, which can unfortunately be caused by many things.

Did you follow the README instructions or Apple Developer Docs to set up your associated domain with the app? You said you're using AWS as your backend, would it be possible for you to set up a small local fido server for testing purposes and see if that works for you?

S-Voss commented 9 months ago

So I spun up a website and added WebAuthn to it via the same server I'm pointing the React Native application to. I've triple checked the README and confirmed my associated domain credentials as well. I'm still getting the same exact error.

f-23 commented 9 months ago

Would it be possible for you to provide an example registration request from your backend?

Have you tried setting up the example app? You can find it inside the repo.

S-Voss commented 9 months ago

When I run the example I get something similar: {"error": "InvalidChallenge", "message": "The provided challenge was invalid"}

I noticed an issue with React Native pointing to iOS version 11.0 which breaks the example. I had to modify the Podfile to point to 12.0 in order for it to build properly. Could it be a versioning issue with the recent RN updates?

An example registration request being sent to Passkey.register looks like this:

    // Base64URL -> Base64. The fixed "==" suffix is only valid padding when
    // the unpadded challenge length % 4 === 2.
    const challenge = response.challenge.replace(/-/g, "+").replace(/_/g, "/") + "==";

    // Object passed to Passkey.register()
    const registrationRequest = {
      "challenge": challenge,
      "rp": {
        "id": "localhost",
        "name": "test"
      },
      "user": {
        "id": response.user.id,
        "name": response.user.name,
        "displayName": response.user.displayName
      },
      "pubKeyCredParams": [
        {
          "type": "public-key",
          "alg": -7
        },
        {
          "type": "public-key",
          "alg": -257
        }
      ],
      "timeout": 1800000,
      "attestation": "none",
      "excludeCredentials": [],
      "authenticatorSelection": {
        "authenticatorAttachment": "platform",
        "requireResidentKey": true,
        "residentKey": "required",
        "userVerification": "required"
      }
    };

Interestingly, when I add my toBase64String logic to the example, the 'invalid challenge' error instead throws the obscure error that I'm seeing, i.e. {"error": "RequestFailed", "message": "The request failed. No Credentials were returned."}.

The issue seems to be an incorrect challenge format perhaps but I'm not sure what the issue could be then.

f-23 commented 9 months ago

Just to confirm, localhost is just a placeholder for the actual rpId right?

Like I said the error code doesn't really tell us much, but I still suspect it has something to do with your backend configuration and/or the domain association.

espenhogbakk commented 8 months ago

> Interestingly, when I add my toBase64String logic to the example, the 'invalid challenge' error instead throws the obscure error that I'm seeing, i.e. {"error": "RequestFailed", "message": "The request failed. No Credentials were returned."}.

I don't know what you're using on the server, but I'm using the SimpleWebAuthn JS library. It returns the challenge as a Base64URL encoded string, and to make that work using react-native-passkey on iOS I needed to convert the Base64URL string to Base64 for it to work. Without doing that I would get the 1004 error from iOS.

After that I got the same error that you're reporting: {"error": "RequestFailed", "message": "The request failed. No Credentials were returned."}

I tracked it down to SimpleWebAuthn expecting the registration attestation sent from the client to the server to have a type and for that type to be public-key; if not, it will fail.

So I did:

    registrationAttestation = await Passkey.register(registrationOptions);
    // TODO - Figure out why this doesn't come from the Passkey library and if it's
    // okay to override it like we do here. SimpleWebAuthn#verifyRegistration expects
    // a type, and returns an error if it's missing.
    // https://github.com/MasterKale/SimpleWebAuthn/blob/5229cebbcc2d087b7eaaaeb9886f53c9e1d93522/packages/server/src/registration/verifyRegistrationResponse.ts#L82
    registrationAttestation.type = 'public-key';

Not sure if it's a good idea or not, but that at least got me past the errors.

Sorry if this is not relevant for your setup @S-Voss.

@f-23 Should react-native-passkey set the attestation type, or is it SimpleWebAuthn who is wrong in requiring it to be set?
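
The Base64URL-to-Base64 conversion discussed in the comments above, as an added example that is not code from this thread or from react-native-passkey: it derives the padding from the challenge length instead of appending a fixed `==`. The helper names and both sample challenges are constructed for the illustration.

```javascript
// Added example: helper names are hypothetical, not react-native-passkey API.

// Convert Base64URL (as many WebAuthn servers emit it) to padded Base64.
function base64UrlToBase64(input) {
  if (typeof input !== 'string' || !/^[A-Za-z0-9_-]+={0,2}$/.test(input)) {
    throw new TypeError('challenge is not a Base64URL string');
  }
  const bare = input.replace(/=+$/, '');
  if (bare.length % 4 === 1) {
    throw new RangeError('no byte sequence encodes to this length');
  }
  const b64 = bare.replace(/-/g, '+').replace(/_/g, '/');
  // Padding depends on length: 0, 1 or 2 "=" to reach a multiple of 4.
  return b64 + '='.repeat((4 - (b64.length % 4)) % 4);
}

// The approach from the thread, kept for comparison: always append "==".
function fixedPad(input) {
  return input.replace(/-/g, '+').replace(/_/g, '/') + '==';
}

// Strict check for standard, correctly padded Base64.
function isPaddedBase64(s) {
  return /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/.test(s);
}

// Number of bytes a Base64 string decodes to.
function decodedByteLength(b64) {
  return Math.floor((b64.replace(/=+$/, '').length * 3) / 4);
}

// Constructed sample challenges: 43 chars (32 bytes) and 22 chars (16 bytes).
const CHALLENGE_32 = 'q1w2e3r4t5y6u7i8o9p0-_AbCdEfGhIjKlMnOpQrStU';
const CHALLENGE_16 = 'AbCdEfGhIjKlMnOp-_QrSw';

for (const c of [CHALLENGE_32, CHALLENGE_16]) {
  const good = base64UrlToBase64(c);
  console.log(c.length, 'chars ->', decodedByteLength(good), 'bytes',
    '| computed padding valid:', isPaddedBase64(good),
    '| fixed "==" valid:', isPaddedBase64(fixedPad(c)));
}
```

A fixed `==` happens to be correct for the 16-byte sample and wrong for the 32-byte one, so the same client code can pass or fail depending only on the challenge length the server uses.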

sa-ma commented 5 months ago

@S-Voss were you able to solve this problem? I am getting the same error message

yakirbitan commented 5 months ago

> @S-Voss were you able to solve this problem? I am getting the same error message

I got the same error and after reading the comments here, I caught the problem and that was related to associating domains in apple-app-site-association file.

MikeDevBeddo commented 5 months ago

> > @S-Voss were you able to solve this problem? I am getting the same error message
>
> I got the same error and after reading the comments here, I caught the problem and that was related to associating domains in apple-app-site-association file.

https://developer.apple.com/forums/thread/727267

After a bit of research, I found out that iOS 16 requires a Security Key. Try adding withSecurityKey: true

If there is another solution without Security Key - relevant for me too

yakirbitan commented 5 months ago

> > > @S-Voss were you able to solve this problem? I am getting the same error message
> >
> > I got the same error and after reading the comments here, I caught the problem and that was related to associating domains in apple-app-site-association file.
>
> https://developer.apple.com/forums/thread/727267
>
> After a bit of research, I found out that iOS 16 requires a Security Key. Try adding withSecurityKey: true
>
> If there is another solution without Security Key - relevant for me too

@MikeDevBeddo Currently, I am using iOS 17.2 without a Security Key and everything is working fine.

MikeDevBeddo commented 5 months ago

> > > > @S-Voss were you able to solve this problem? I am getting the same error message
> > >
> > > I got the same error and after reading the comments here, I caught the problem and that was related to associating domains in apple-app-site-association file.
> >
> > https://developer.apple.com/forums/thread/727267
> >
> > After a bit of research, I found out that iOS 16 requires a Security Key. Try adding withSecurityKey: true
> >
> > If there is another solution without Security Key - relevant for me too
>
> @MikeDevBeddo Currently, I am using iOS 17.2 without a Security Key and everything is working fine.

Same with 17+, but does iOS 16 work just as well?

MikeDevBeddo commented 5 months ago

I also think the problem with iOS 16 might be related to the simulator. I can't find any binding with iCloud (only internal keychain), and it's not possible to put some 1Password on the simulator either. So superficially the problem may be related to the lack of workaround options inside the simulator

f-23 commented 5 months ago

@MikeDevBeddo You might be right, the reports all seem to have the usage of the iOS simulator in common.

A physical test device is definitely preferred for passkey implementation, but if that's not an option for you please try to use iOS 17+, as the Passkey implementation on the iOS 16 simulator seems to have had some issues.

SDAChess commented 5 months ago

We have the same problem and updating to iOS 17 did not work. Do you have any ideas other than those mentioned on the thread that we already tried?

Update: We managed to solve it by adding ?mode=developer to the webcredentials URL in Xcode; it skipped the cache and correctly fetched the app site association.

angem-cleo commented 3 months ago

I'm currently getting the same error, AASA is set up with the expected bundle identifier and the domain has been set correctly in the webcredentials. When I add breakpoints at run time I get [0]= "NSLocalizedFailureReason": "Application with identifier XXXXX.com.xxxxx.xxxx is not associated with the domain xxx.xxx.tech."

I can see that <domain>/.well-known/apple-app-site-association does contain the correct identifier under webcredentials --> apps and yet I still get

{
"error": "RequestFailed",
"message": "The request failed. No Credentials were returned.",
}

None of the above solutions have helped, is there anything else that could help me get past this issue?

eth-jashan commented 1 month ago

@angem-cleo did you find anything on this issue?

angem-cleo commented 1 month ago

For us it was a basic typo in the apple-app-site-association file where we found a rogue : that was throwing everything off and not giving us any helpful errors to detect.

akshay-rr commented 1 month ago

@S-Voss @f-23 @angem-cleo I'm facing the same error as well. I would like to confirm - the rpID I'm using is for the domain where my AASA file is served, which is different from where my WebAuthn backend is being hosted. Could this be an issue?

I'm hosting my webauthn server locally (@simplewebauthn/server). Over there I've set rpID and origin equal to . I am hosting my AASA file at /.well-known/apple-app-site-association.

I have set the associated domain value in Xcode as well, as per the instructions provided in the documentation.

I am getting the exact same error.

Object {
"error": "RequestFailed",
"message": "The request failed. No Credentials were returned.",
}

Is there anything here that I'm doing incorrectly that can be changed to make this work?

f-23 commented 1 week ago

@akshay-rr

The rpId should be the domain the AASA file is hosted on. It needs to match the one in the registration or authentication request. You should be able to configure this on your WebAuthn server. Please double check if you've entered the right domain/rpId in both Xcode and your server configuration. As the @simplewebauthn/server documentation says, origin should be equal to https://{rpId} on iOS. On Android it needs to match a hash of your app signing key. You can get more info on that here.

I'm also working on an update which will improve error logging, especially on iOS, to make tracking down issues like this easier. Hope this helps!
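
The checks described in the comments above (AASA file parses, `webcredentials.apps` lists the app, rpId equals the AASA host, origin equals `https://{rpId}` on iOS), as an added example that is not code from this thread or from react-native-passkey. The function name, result codes, app identifier and domains are hypothetical, and the AASA bodies are constructed samples embedded as strings so the check runs offline.

```javascript
// Added example: function name, result codes and sample values are hypothetical.

// Returns a list of problem codes; an empty list means the values line up.
function checkPasskeyAssociation({ aasaText, aasaHost, appId, rpId, origin }) {
  const problems = [];

  try {
    // A single stray character makes the whole file unparseable.
    const aasa = JSON.parse(aasaText);
    const apps = aasa && aasa.webcredentials && aasa.webcredentials.apps;
    if (!Array.isArray(apps)) {
      problems.push('AASA_NO_WEBCREDENTIALS_APPS');
    } else if (!apps.includes(appId)) {
      // Entries are "<TeamID>.<bundle identifier>" and must match exactly.
      problems.push('APP_ID_NOT_LISTED');
    }
  } catch (err) {
    problems.push('AASA_INVALID_JSON');
  }

  // rpId must be the domain that serves the AASA file.
  if (rpId !== aasaHost) problems.push('RP_ID_NOT_AASA_HOST');
  // On iOS the server's expected origin is https://{rpId}.
  if (origin !== `https://${rpId}`) problems.push('ORIGIN_NOT_HTTPS_RP_ID');

  return problems;
}

// Constructed samples: a well-formed AASA body and one with a stray ":".
const APP_ID = 'ABCDE12345.com.example.app';
const GOOD_AASA = '{"webcredentials":{"apps":["ABCDE12345.com.example.app"]}}';
const TYPO_AASA = '{"webcredentials":{"apps":["ABCDE12345.com.example.app"]:}}';

const base = {
  aasaHost: 'example.com',
  appId: APP_ID,
  rpId: 'example.com',
  origin: 'https://example.com',
};

console.log(checkPasskeyAssociation({ ...base, aasaText: GOOD_AASA }));
console.log(checkPasskeyAssociation({ ...base, aasaText: TYPO_AASA }));
console.log(checkPasskeyAssociation({ ...base, aasaText: GOOD_AASA, rpId: 'localhost' }));
```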

dab-code commented 3 days ago

I'm facing the same issue. The well-known's for both Android and iOS seem correct, so does the registration request from our server. It works on Android but iOS is throwing the same error:

Object {
    "error": "RequestFailed",
    "message": "The request failed. No Credentials were returned.",
}

Looking forward to the improved error logging - it's always appreciated :partying_face: :clap: