vapornetwork-securitypasskey

Local development with the apple-app-site-association file


I’m trying to locally test my passkey implementation. My Vapor server is hosted on localhost, on port 8080.

During the passkey authentication process the apple-app-site-association file must be within reach. To test this, I have firstly used curl to confirm the application json header is set. Secondly I have accessed the file via the safari browser and I can see the json there. However the URL must specify the port number (the JSON won’t appear otherwise).

Does this mean the port number must be specified in the debug entitlements file and the Apple transport security exception domains list?

My passkey implementation is a direct copy of Apples sample code but it throws an error claiming the App is not associated with localhost. My server does not log that the public folder was queried at all.

I have the ?mode=developer query set in the debug entitlements file.


Solution

  • Since Apple's servers need to be able to call your backend to verify the ownership, localhost will not work. You should use something like ngrok to expose it to the internet to make the challenge work.

    You should set the domain in the ASA to whatever you get from Ngrok