[SOLVED] How to associate the localhost domain with my application identifier when using Passkey auth?

How to associate the localhost domain with my application identifier when using Passkey auth?

Working a Vapor application on localhost, and when trying to authenticate with Passkey using the iPhone simulator, the authorizationController(controller:didCompleteWithError:) delegate method triggers this error:

["NSLocalizedFailureReason": Application with identifier <APP_BUNDLE_ID> is not associated with domain localhost:8080]

The setup on the Vapor project is:

The server starts on https://localhost:8080
The /.well-known/apple-app-site-association file is being reach through (Vapor/RouteLoggingMiddleware.swift:14).

{
  "applinks": {
    "details": [
      {
        "appIDs": ["<APP_BUNDLE_ID>"],
        "components": []
      }
    ]
   },
  "webcredentials": {
    "apps": ["<APP_BUNDLE_ID>"]
  }
}

There is proper communication with the server, as I can see the username of the user being received from the iPhone simulator request. The request sends back the userID and the Challenge to authenticate with Passkey.

The setup on the iOS project is:

Associated Domains is webcredentials:localhost:8080?mode=developer

The code to create the Passkey authentication:

  func authenticate(with email: String) async throws {

    let publicKeyProvider = ASAuthorizationPlatformPublicKeyCredentialProvider(
      relyingPartyIdentifier: "localhost:8080"
    )

    // The authentication request to receive the `userID` and `Challenge`.
    // This part is sucessful.
    let authenticationData = AuthenticationData(email: email)
    let urlRequest = try urlRequest(with: authenticationData, atEndpoint: .authentication)
    let data = try await serverCall(for: PublicAuthKeyData.self, on: urlRequest)

    let registrationRequest = publicKeyProvider.createCredentialRegistrationRequest(
      challenge: data.challenge.decodeBase64(),
      name: email,
      userID: data.userID.decodeBase64()
    )

    let authController = ASAuthorizationController(
      authorizationRequests: [registrationRequest]
    )
    authController.delegate = self
    authController.presentationContextProvider = self
    authController.performRequests()
  }

From there, the authorizationController(controller:didCompleteWithError:) trigger the error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004

Solution

Paskeys require verifying the domain with the app via the app sites association file. In order to do this the app needs to be able to make a network request over the internet to get the file so localhost won't work. You can use something like ngrok to expose a local service to the internet to make it work