Product Documentation

User authentication is handled by a single function signInWith() in the AccountManager class for both platform keys and security keys. To authenticate, initialize a PublickeyCredentialProvider to make requests to the Passkeys API for key generation and signing.

NOTE: Here data.response.rp.id comes from the parsed PreAuthResponseModel, as specified in the ResponseModel.swift file.

 

Getting the Challenge

Get the challenge from the FidoService by starting a preauthenticate request and getting a PreAuthResponseModel back as data.

The challenge is decoded from Base64Url to a data stream for the ASAuthorization API to process.


 

Setting Request Preferences, Making Registration Requests

After obtaining the challenge, create a credential assertion request. This request can be signed by either a Passkey or a security key, depending on the type of credentials the user registered when using the app. To make these request objects, this example uses the platformKeyCredentialProvider and securityKeyCredentialProvider created earlier.


Optionally set preferences for the request objects: attestation, user verification, credential parameters, allowed credentials, etc.


For platform keys (Passkeys), the attestation preference is set to none because the Passkeys API doesn't support attestation as of iOS 15 Beta 8.

 

Signing the Challenge with Passkeys/Security Key

After creating a request and setting the preferences, perform the requests using ASAuthorizationController to get the AuthorizationResponse.


Since AccountManager conforms to ASAuthorizationControllerDelegate and the controller's delegate is set to self, the AuthorizationResponse is returned to AccountManager.
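
The three steps above (decode the challenge, build the assertion requests, perform them and receive the result), shown as an added example that is not the product's own AccountManager code. AssertionExample, SignInError, signIn and decodeBase64Url are hypothetical names, and the user verification setting is an assumed policy choice; the rpId and challenge are assumed to come from the preauthenticate response.

```swift
import AuthenticationServices
enum SignInError: Error { case malformedChallenge, unexpectedCredential }

// Hypothetical class; only the AuthenticationServices types and calls are Apple's API.
@available(iOS 15.0, macOS 12.0, *)
final class AssertionExample: NSObject, ASAuthorizationControllerDelegate,
                              ASAuthorizationControllerPresentationContextProviding {
    typealias Completion = (Result<ASAuthorizationPublicKeyCredentialAssertion, Error>) -> Void
    private let anchor: ASPresentationAnchor
    private var completion: Completion?
    init(anchor: ASPresentationAnchor) { self.anchor = anchor }

    // Base64Url -> Data: restore the standard alphabet and the stripped padding.
    static func decodeBase64Url(_ text: String) -> Data? {
        var s = text.replacingOccurrences(of: "-", with: "+")
                    .replacingOccurrences(of: "_", with: "/")
        s += String(repeating: "=", count: (4 - s.count % 4) % 4)
        return Data(base64Encoded: s)  // nil for input that is not valid Base64Url
    }

    // rpId and challenge are assumed to come from the parsed preauthenticate response.
    func signIn(rpId: String, challengeBase64Url: String, completion: @escaping Completion) {
        guard let challenge = Self.decodeBase64Url(challengeBase64Url) else {
            return completion(.failure(SignInError.malformedChallenge))
        }
        let platform = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
            .createCredentialAssertionRequest(challenge: challenge)
        let securityKey = ASAuthorizationSecurityKeyPublicKeyCredentialProvider(relyingPartyIdentifier: rpId)
            .createCredentialAssertionRequest(challenge: challenge)
        platform.userVerificationPreference = .required     // assumed policy choice
        securityKey.userVerificationPreference = .required
        self.completion = completion
        let controller = ASAuthorizationController(authorizationRequests: [platform, securityKey])
        controller.delegate = self
        controller.presentationContextProvider = self
        controller.performRequests()
    }

    func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor { anchor }
    func authorizationController(controller: ASAuthorizationController,
                                 didCompleteWithAuthorization authorization: ASAuthorization) {
        // Both assertion types expose signature, authenticator data and client data via this protocol.
        if let assertion = authorization.credential as? ASAuthorizationPublicKeyCredentialAssertion {
            completion?(.success(assertion))
        } else { completion?(.failure(SignInError.unexpectedCredential)) }
    }
    func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
        completion?(.failure(error))
    }
}
```

The assertion's credentialID, rawClientDataJSON, rawAuthenticatorData and signature are what the server needs to verify the signature over the challenge it issued.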