Have you considered to add support for roaming authenticators to ios/android?

When using the javascript webauthn APIs (through iOS webview), a following dialog is shown:

This provides an easy way to use same client code for both passkeys and security keys. However, when using the flutter library, as shown in your example app, there is only the passkeys option.

Thanks anyway for publishing the library, it has helped me greatly with my experiments on flutter and passkeys 👍

I'm following the example code on the documention, and throughout the whole process of sign up / sign in, it is not clear to me, where or what is the public key that I should use to verify user sign in requests.

When calling PasskeyAuthenticator().register(...) I get back in the response a RegisterResponseType object, that only contains the following information:

final String id;
final String rawId;
final String clientDataJSON;
final String attestationObject;

By decoding clientDatajSON I was able to recover more information about the passkey, such as id, challenge... But nothing related to the public key. What value should I use on my RelayingParty server as the public key for the created user?

Currently we only support performAutoFillAssistedRequests on iOS. Therefore it is not possible to automatically trigger a conditionalUI popup. Users can therefore complete conditional UI only through their keyboard.

Proposal:
Add another parameter to the loginWithPasskey method called "keyboardIntegrated: boolean". This allows for the following combinations:

• conditional: false, keyboardIntegrated: false (Android, iOS, Web)
• conditional: true, keyboardIntegrated: false (Android, iOS, Web)
• conditional: true, keyboardIntegrated: true (iOS)

Hey, through the review process for your extension, I noticed you're missing an icon, that is important for showing it in the marketplace. You can add one and send it for review again.

Find the docs on how to add it here.

Intro

To publish our plugin we must present its usage by including examples to it. Currently two main scenarios come to my mind that can be represented in an example each. The first one combines the app where the user signs in using passkeys with a custom backend (this serves data to the app).

Description

Before we write the example we must think of how the app will communicate:

• with the Corbado API: initially there will be interaction for the register and the login, but must there be refreshes?
• with the custom backend: the app must authenticate itself by including a token and thus proving that a user is signed in

Implementation idea

I've updated passkeys plugin from 1.1.0 to 2.0.7 I'm getting error while building for iOS
Swift Compiler Error (Xcode): Value of type 'ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest' has no member 'excludedCredentials'
.pub-cache/hosted/pub.dev/passkeys_ios-2.0.3/ios/Classes/PasskeysPlugin.swift:56:20

Is there any example of conditional UI implementation?

Intro

A new structure has been introduced for our flutter plugin on branch feature/prepare-opensource. This will become our temporary main branch where we develop a version 1 for our open source flutter plugin. See the README.md on that branch for more details on the basic ideas of that new structure (federated plugins, pigeons, openapi-generator).

Description

Currently, only the iOS platform package has been implemented.
Add the android one in this task.
Please stick with the iOS approach, i.e.:

• add the android implementation as one more federated plugin
• use pigeons to generate the channel code that glues flutter with android

Testing

Currently, we still do manual testing.
So for e2e manual testing start the example add in passkeys/example/lib/main.dart on an Android emulator and make sure that all three buttons work:

• "canAuthenticate" should return true
• "register" should guide the user through the registration flow => this is completed as soon as the user receives a confirmation email ("Confirm your sign up request to..." => confirm that email otherwise authentication seems not to work)
• "authenticate" should guide the user through the authentication flow

Implementation idea

• Take a look at some of the plugins in https://github.com/flutter/packages/tree/main/packages for inspiration (the plugins with real platform dependencies are the most interesting ones, e.g. image_picker, local_auth)
• Branch from feature/prepare-opensource and add the android package
• Then create a PR back to feature/prepare-opensource

I clone the project and run on a physical and virtual pixal 6a
but when I signing up, I alway got "Socket operation failed"
after I change api on api_client.dart from "https://.frontendapi.corbado.io" to "https://api.eu-1.corbado.io" which works on live demo but still got the same errror
please tell me how to do with that, thanks

To generate code for other packages I do a build_runner build before starting the app, but when I do this I get a white page and following error message
Rejecting promise with error: TypeError: Cannot read properties of undefined (reading 'init')

To replicate this problem, have the following setup:
New blank Flutter (v3.19.6) project
add corbado_auth: ^2.0.7 dependency
add build_runner: ^2.4.9 dev-dependency
run dart run build_runner build
try to start the app in a web application

Code:

final passkeyAuthenticator = PasskeyAuthenticator();

    // initiate sign up by calling the relying party server
    final webAuthnChallenge = await _dio.post(
        'http://localhost:19200/v1/auth/register/passkey/initiate',
        data: {'email': '[email protected]'});

    // call the platform authenticator to register a new passkey on the device
    final platformRes = await passkeyAuthenticator.register(webAuthnChallenge); // <--- Exception is thrown here

Error:

PlatformException (PlatformException(decodingChallenge, CustomErrors, Stacktrace: ["0   passkeys_ios                        0x000000010d21d654 $s12passkeys_ios9wrapError33_F74ED722C198BB4137EE305712CCDE86LLySayypSgGypF + 1588", "1   passkeys_ios                        0x000000010d22357f $s12passkeys_ios16PasskeysApiSetupC5setUp15binaryMessenger3apiySo013FlutterBinaryI0_p_AA0cD0_pSgtFZyypSg_yAJctcfU0_ys6ResultOyAA16RegisterResponseVs5Error_pGcfU_ + 559", "2   passkeys_ios                        0x000000010d226f67 $s12passkeys_ios14PasskeysPluginC8register9challenge12relyingParty4user10completionySS_AA07RelyingH0VAA4UserVys6ResultOyAA16RegisterResponseVs5Error_pGctF + 1591", "3   passkeys_ios                        0x000000010d227ed1 $s12passkeys_ios14PasskeysPluginCAA0C3ApiA2aDP8register9challenge12relyingParty4user10completionySS_AA07RelyingI0VAA4UserVys6ResultOyAA16RegisterResponseVs5Error_pGctFTW + 113", "4   passkeys_ios                        0x000000010d2232e3 $s12passkeys_ios16PasskeysApiSetupC5setUp15binaryMessenger3apiySo013FlutterBinaryI0_p_AA0cD0_pSgtFZyypSg_yAJctcfU0_ + 1459", "5   passkeys_ios                        0x000000010d222c31 $sypSgAAIegn_Iegng_yXlSgABIeyBy_IeyByy_TR + 225", "6   Flutter                             0x00000001187f863d __48-[FlutterBasicMessageChannel setMessageHandler:]_block_invoke + 171", "7   Flutter                             0x00000001181b0222 ___ZN7flutter25PlatformMessageHandlerIos21HandlePlatformMessageENSt21_LIBCPP_ABI_NAMESPACE10unique_ptrINS_15PlatformMessageENS1_14default_deleteIS3_EEEE_block_invoke + 94", "8   libdispatch.dylib                   0x00007ff800156a90 _dispatch_call_block_and_release + 12", "9   libdispatch.dylib                   0x00007ff800157d3a _dispatch_client_callout + 8", "10  libdispatch.dylib                   0x00007ff800166ac0 _dispatch_main_queue_drain + 1420", "11  libdispatch.dylib                   0x00007ff800166526 _dispatch_main_queue_callback_4CF + 31", "12  CoreFoundation                      0x00007ff8003f5850 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9", "13  CoreFoundation                      0x00007ff8003f018b __CFRunLoopRun + 2463", "14  CoreFoundation                      0x00007ff8003ef409 CFRunLoopRunSpecific + 557", "15  GraphicsServices                    0x00007ff80fcdd187 GSEventRunModal + 137", "16  UIKitCore                           0x00007ff805b703a2 -[UIApplication _run] + 972", "17  UIKitCore                           0x00007ff805b74e10 UIApplicationMain + 123", "18  Runner                              0x000000010be632bf main + 63", "19  dyld                                0x000000010bf3c3ee start_sim + 10", "20  ???                                 0x00000001180763a6 0x0 + 4698104742"], null))

Some of the RP server data for registration options:

const options = await generateRegistrationOptions({
      "Vlatko",
      "localhost",
      userID: user.id,
      userName: user.email,
      // Don't prompt users for additional information about the authenticator
      // (Recommended for smoother UX)
      attestationType: "none",
      // See "Guiding use of authenticators via authenticatorSelection" below
      authenticatorSelection: {
        // Defaults
        residentKey: "preferred",
        userVerification: "preferred",
        // Optional
        authenticatorAttachment: "platform"
      },
    });

I'm running in to an error when registering a passkey only on Android, iOS works just fine. Any idea what is causing this?

PlatformException(android-unhandledGoogle Password Manager, UNKNOWN EXCEPTION - java.lang.IllegalArgumentException: bad base-64, UNKNOWN EXCEPTION - java.lang.IllegalArgumentException: bad base-64, null)

For reference, here is the code I am running, and it is failing at the final registerRequestResponse = await passkeyAuthenticator.register(registerRequest); line during registration.

I have confirmed my google account and google play are set up correctly, as I am able to get the initial prompt to register the passkey, but upon clicking "Continue" it fails and errors out.

final userHandle = CryptoRNG().generate();
final userHandleEncoded = base64Encode(userHandle);
final passkeyAuthenticator = PasskeyAuthenticator();
final supportsPasskeys = await passkeyAuthenticator.canAuthenticate();
print(supportsPasskeys);
final registerRequest = RegisterRequestType(
  challenge: base64.encode(CryptoRNG().generate()),
  relyingParty: RelyingPartyType(
      name: 'Capsule', id: relyingPartyId ?? environment.relyingPartyId()),
  user: UserType(displayName: email, name: email, id: userHandleEncoded),
  authSelectionType: AuthenticatorSelectionType(
      authenticatorAttachment: 'platform',
      requireResidentKey: true,
      residentKey: 'required',
      userVerification: 'required'),
  pubKeyCredParams: [
    PubKeyCredParamType(
        type: PublicKeyCredentialType.publicKey.value, alg: es256Algorithm),
    PubKeyCredParamType(
        type: PublicKeyCredentialType.publicKey.value, alg: rs256Algorithm),
  ],
  timeout: 60000,
  attestation: 'direct',
  excludeCredentials: [],
);

final registerRequestResponse =
    await passkeyAuthenticator.register(registerRequest);

When I created an account on iOS and tried to log in from Android, it didn't work. But when I created an account on Android and then logged in from iOS, it worked fine using your website passkeys.eu.

Why am I unable to log in from Android after creating an account using an iOS device?

Hello,

I've encountered situations with iOS where an error gets thrown when authenticateWithAutoComplete is triggered:
ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)"

And when a subsequent call to authenticateWithEmail is triggered, this error gets thrown:
flutter: PlatformException(failed, The operation couldn’t be completed. Request already in progress for specified application identifier., , null)

It would be extremely helpful if PasskeyAuth can auto-cancel via something like ASAuthorizationController or if a cancel method is provided on the interface that can be programmatically invoked.

Environment Details

Flutter 3.16.0 • channel stable • https://github.com/flutter/flutter.git
Framework • revision db7ef5bf9f (2 weeks ago) • 2023-11-15 11:25:44 -0800
Engine • revision 74d16627b9
Tools • Dart 3.2.0 • DevTools 2.28.2

Real iPhone, iOS version 17.1.1

My flutter app is fully configured to support passkeys. Associated domains fully configured. Our domain's apple-app-site-association can be reached by Apple's CDN (https://app-site-association.cdn-apple.com/a/v1/our-domain

And thank you providing this excellent package to the community!

Package: passkeys

Background

Currently the passkey package does not support excludeCredentials (https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-excludecredentials).

TODO

Support this setting in the Android, iOS and web plugins

Have a wonderful day, everyone!
I'm implementing Passkey for my application with your Passkeys package, it's really great. Along with that, I am also implementing a relying party server.

I'm encountering some issues on Android 10. Specifically, the register flow works fine, but when I try to log in, I get the following error: Google Sign-In (beginSignIn) fails with Missing Feature{name=auth_api_credentials_begin_sign_in, version=8}
=> But I've tried it on Android 13 and both register/login work fine)

Attached to the post is CreationOptions when creating Passkey

Please help me. Special thanks.

Description

Currently, if a user cancels the signup he can not restart the signup because the user itself is already existing in our backend as the first register call has been made.

Testing

After canceling my register attempt I should be able to start a new one with the same email address.

Implementation idea

Not sure yet what the best solution for that problem is:

• deleting the user from the app is not working (we can probably not allow that to be done over the public API if the user is unauthenticated)
• we could alter the backend to allow "overwriting" a user if that user is in incomplete state (not trivial though, if implemented in this simple form it could allow stealing between users if the perfectly time this) => for this task we probably have to talk to someone familiar with the backend API and bounce some ideas.

@incorbador Create a copy of the flow (I can beautify it afterwards)

https://corbado.sharepoint.com/:p:/s/Corbado/ERocJ82eVdlPoNT4hCxUSmsBH9C9ohn020o9LEgzw6SKiA?e=6IUTwE

How to integrate passkeys with Amazon Cognito in Flutter?

Intro

To publish our plugin we must present its usage by including examples to it. Currently two main scenarios come to my mind that can be represented in an example each. The second one combines the app where the user signs in using passkeys with firebase (this serves data to the app). As Firebase is probably the default solution for small teams and individual programmers we should also show how to use passkeys with Firebase.

Description

Before we write the example we must think of how the app will communicate.
Then we can put a few ideas together what the example should include.

Implementation idea

• register and login can be done the normal way (direct communication to Corbado Frontend API)
• the login call returns a Corbado token
• this token can be exchanged to a Firebase JWT token by calling a Firebase cloud function => this cloud function must validate the token (either by just looking at it or by calling Corbado's API) and must create the Firebase JWT token
• the cloud function will be written and provided by us (Firebase has a concept of "extensions" for that and can be installed by users by a click
• finally the app can call signInWithCustom token (using the Firebase JWT) => now all firebase services can be used just as normal

Background
Currently, in the example, we use the email address as the "name" and leave the email field blank when creating a new user, as there is no username field in the example.

TODO
Can we please add the email also to the corresponding email address field in the backend.

I'm just starting a small passkey research and found this flutter plugin. Do you plan to extend the support for the desktop and web platforms?

My app need to handle the challenge progress it self, it this possible?

Hello,

Our flutter android app registration flow with passkeys is working fine but the login/authenticate flow is not working. Not sure how to debug this exception:
PlatformException(android-no-credential, During begin sign in, failure response from one tap: 16: Cannot find a matching credential., , null)

Not sure why android can't find a matching credential when the registration was successful.

All configurations outlined here https://developer.android.com/training/sign-in/passkeys were followed. Not sure, what is missing. If it helps, the registration UI looks like this and the flow works fine.

When we logout and log back in using the authenticate flow, the error above is thrown.

Environment Details
Flutter 3.16.0 • channel stable • https://github.com/flutter/flutter.git
Framework • revision db7ef5bf9f (2 weeks ago) • 2023-11-15 11:25:44 -0800
Engine • revision 74d16627b9
Tools • Dart 3.2.0 • DevTools 2.28.2

Real Pixel 3 XL, Android version 12

Our flutter app is fully configured to support passkeys. Support for digital asset links has been added.

And thank you providing this excellent package to the community!

Hey, cannot implement this package without be logged in into google account?

In android version 14 when the user clicks outside the pop up, and since the Google Authenticator pop up doesn't throw any exceptions, how can I navigate back to the previous screen?

• pub.dev Release
• make GitHub Repo public
• LICENSE.MD
• pubspec.yaml

I tried to use the passkeys/passkeys/example with an iPhone14 simulator, but you may need to provide an xcode signing profile to allow simulators to use the corbado domains. This is what I get when I try to signup:
A Dart VM Service on iPhone 14 is available at: http://127.0.0.1:58211/8JIzFRpqDNo=/
The Flutter DevTools debugger and profiler on iPhone 14 is available at:
http://127.0.0.1:9101?uri=http://127.0.0.1:58211/8JIzFRpqDNo=/
flutter: PlatformException(domain-not-associated, The operation couldn’t be completed. Application with identifier YEFSQLA92K.com.corbado.passkeys.pub is not associated with domain pro-6244024196016258271.frontendapi.corbado.io, , null)

flutter: CorbadoPasskeyBackend: pro-6244024196016258271

I got this error when I use SignUp....

The user is registered OK but it throw me that error, then if I try to signing, it throw me a snackbar "Instance of No PasskeyForDeviceException".
(I have been using fingerfrint passkey with other app the same phone)

Greetings! I'm currently using passkeys 1.3.2 in my project. However, when updating to the latest version 2.0.4, I encountered a backward compatibility issue on iOS, whereas Android functions as expected.

With passkeys registered under version 1.3.2, logging in using version 2.0.4 is not possible. Upon investigation, I discovered the following discrepancy:

• Version 1.3.2 sends userHandle: NTkxMTE4, equivalent to 591118 in base64.
• Version 2.0.4 sends userHandle: TlRreE1URTQ, which translates to NTkxMTE4 in base64, indicating that userHandle undergoes double encoding.

Is there a way to maintain the previous behavior to ensure the compatibility of passkeys saved by users?

Hey there, so I'm running in to an issue when running the example passkey native app in the repo on an android simulator. This is also the same as the error returned in my own application. Steps to reproduce:

1. From packages/passkeys/passkeys directory, run melos run example-passkeys-native as instructed in the README
2. Type in email address in the email address section
3. click sign up

Returns error after a moment saying TYPE_SECURITY_ERROR The incoming request cannot be validated.

I have not modified any parts of the example application.

When I am trying to register a passkey on my Redmi Android 14, it is giving me an exception saying 'Your device doesn't support credential manager

As we want to release a first version of our Flutter packages soon we need to make sure that our docs and examples are understandable and working.

We will release two packages:

• passkeys (packages/passkeys): Allows you to build passkey register/login flows.
• corbado_auth (passkeys/corbado_auth): Auth SDK that enables passkey based authentication. Handles persistent storage of tokens and refreshes (internally it uses the passkeys package).

For both of these packages we have a README.md (packages/passkeys/passkeys/README.md, packages/corbado_auth/README.md) and an example.

TODO:

• Go through the README.mds and search for errors. Also check, how understandable they are. Feel free to add suggestions. I did not invest time in styling yet, so feel free to improvements here too.
• Test if the two examples are working (ideally you test on an Android/iOS physical device and an Emulator/Simulator => 4 tests in total if you can test everything) => write down all errors that you encounter when testing these examples