Is there a way to specify the port on the server to add the AASA files to?

Question

OhjunKwon OP

Created Aug ’23

Replies 2

Boosts 1

Views 1.1k

Participants 3

Hi.

I'm trying to develop a passkey app connected with a Webauthn server.

There is a problem in the process of creating the Attestation Object.

Since I am assigned 8445 port, I need to upload the /.well-known/ directory to that port.

In the WebAuthn specification, the RPID should not include the port number. (https://www.w3.org/TR/webauthn-2/#relying-party-identifier)

When initializing an ASAuthorizationPlatformPublicKeyCredentialProvider object, if I add the port number to RPID, the passkey UI will work and ASAuthorization object will be checked.

But, I don't get authentication from webauthn server because the Attestation Obj is generated with RPID which contains port.

Is there any way to specify the port number to check the "well-known" directory? Or is it only possible on port 443?

I checked the post, but there is no more feedback, so I'm asking a question. (https://developer.apple.com/forums/thread/730028)

Boost

Answer 1

OhjunKwon OP

Aug ’23

I tried removing the port number of RPID by allowing port 443.

As a result, the origin value of clientDataJson is changed, so authenticating does not proceed.

What should I do?

0

Answer 2

Systems Engineer OP

Apple

Aug ’23

This is not currently supported. The apple-app-site-association file does not support custom ports. The WebAuthn spec allows for the RPID and origin to differ (within a fixed set of rules), but because apps can be associated with different domains, we rely on the RPID to specify the effective origin of the current request (and use the site-association file to verify that that's allowed). Because of that, we don't currently allow the RPID and origin to be different.

If you have a use case where you feel this is important, please tell us about it through Feedback Assistant!

0