Closed peterferguson closed 9 months ago
Hey just realised that in the version 2 the credentials are actually passed with the request but it doesn't look like they are respected in the iOS version?
This actually answers my questions about the api etc too so I will update the pr to account for this in a bit 👍
Thank you for the PR!
You are right, for cross-platform compatibility reasons I had to change the way requests are made in version 2.
Since Android just takes the json request as is and uses it to register/authenticate the user we can assume that the allowCredentials option gives developers enough control over targeting specific credentials (and transports).
iOS works a bit different, so we would need to extract the credential descriptors from the json request and pass it in separately, similar to the way you proposed.
This would include the transports
data which could be translated to the iOS-specific enum and replace the withSecurityKey
option.
Let me know what you think.
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.
This PR was closed because it has been stalled for 10 days with no activity.
Add
credentialIDs
to iOS apiThis pr adds the ability to pass a set of allowed credentialIDs to the iOS
authenticate
function. This enables the developer to force the user to choose a specific passkey when signing in. This is important in a crypto context where passkeys are used as an alternative to a seed phrase. In this situation you want force the user to use a specific key so they don't sign a transaction with the wrong key. But, of course, there are more non-crypto use-cases.We have been using this patch in production for the past 7 months so I thought it was about time to create a pr!
```diff diff --git a/ios/Passkey.m b/ios/Passkey.m index 4c50f0d51709d1cb490af4b5c8092fe42cd3c2d9..aa81705149322fb8da2e957ae243c5f89c2bcecc 100644 --- a/ios/Passkey.m +++ b/ios/Passkey.m @@ -13,6 +13,7 @@ RCT_EXTERN_METHOD(register:(NSString)identifier RCT_EXTERN_METHOD(auth:(NSString)identifier withChallenge:(NSString)challenge + withCredentialIDs:(NSArray) credentialIDs withSecurityKey:(BOOL) securityKey withResolver:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject); diff --git a/ios/Passkey.swift b/ios/Passkey.swift index ead171651f8ab8ca8f0c9554d28871e4f9c358c6..b754e06e5e07a46e777ec5faf3063b08b4625674 100644 --- a/ios/Passkey.swift +++ b/ios/Passkey.swift @@ -69,8 +69,8 @@ class Passkey: NSObject { } } - @objc(auth:withChallenge:withSecurityKey:withResolver:withRejecter:) - func auth(_ identifier: String, challenge: String, securityKey: Bool, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) -> Void { + @objc(auth:withChallenge:withCredentialIDs:withSecurityKey:withResolver:withRejecter:) + func auth(_ identifier: String, challenge: String, credentialIDs: ArrayThings to note
authenticate
function to allow for backwards compatibility with the current api but also to warn the user that usingcredentialIDs
&withSecurityKey
is forbidden for now. This uses a simple discriminated unionSupporting both
credentialIDs
&withSecurityKey
I want to open a discussion around the desired api for combining these two options. How best to design the api is unclear.
To my mind there are two obvious approaches:
Allow each credential to have a specific transport type that you wish to enforce
Allow the user to pass acceptable
transports
Transport enum choice
For the transports there is also a choice to be made, whether to go with the Apple naming convention
Or the w3c definitions?