Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Forum Discussion
iOS Passkey authentication request does not present correct passkey when provided with credentialId
We have an application at keys.coinbase.com that allows for webauthn registration and attestation with passkeys.
A user can create a passkey and authenticate with that passkey. A user can also have multiple passkeys.
After a recent iOS update, when a user has multiple registered passkeys for our Relying Party Domain (keys.coinbase.com) whose passkey names are identical (i.e. "Smart Wallet"), 1Password fails to request authentication for a specific one of the identical passkeys even an allowed credential is passed to the authentication function.
For instance:
Passkey 1
Name: "Smart Wallet"
CredentialID: "123abc"
Passkey 2
Name: "Smart Wallet"
CredentialID: "456def"
If both credentials exist and I try to authenticate specifically with Passkey 1 by providing the credentialId "123abc" to the authorization request, 1Password fails to display the appropriate credential.
Instead, I see cross-platform prompts and an option to choose a 1Password credential from a subsequent tray (see screenshot).
You can reproduce this issue on an iOS device with the latest version of 1Pass iOS by:
1. Go to https://coinbase.github.io/coinbase-wallet-sdk/
2. Under "Wallet connection" > "eth_requestAccounts" > press Submit
3. Popup opens to "Sign in with Base" > Select "Create account"
4. Do not enter a "Passkey name" > Press "Continue"
5. Save passkey to 1Pass iOS by pressing "Continue" on the "Create a passkey?" system tray
6. In 1Pass UI tray that pops up, make sure you select to "Create new item for..." and press "Save"
7. Once you've saved the passkey, you will automatically land back on https://coinbase.github.io/coinbase-wallet-sdk/
8. Scroll down to "Sign Message" section > "Personal Sign" > Press "Example Message"
9. A popup will open and ask you to sign an Example message, press "Sign"
10. Passkey authentication tray opens and suggests correct passkey, but DO NOT CONTINUE. Just note that 1Pass presented the correct passkey to sign with.
11. Now, close the passkey prompt with signing
12. In the top right corner of the page open (keys.coinbase.com), press the settings "gear" icon > Scroll down > Press "Sign out"
13. Popup closes and https://coinbase.github.io/coinbase-wallet-sdk/ warns you that your wallet was disconnected > Press "Yes"
14. Repeat steps 2 - 9
15. Passkey authentication tray opens and suggests cross-platform options with 1Pass listed at the bottom, but it does not offer a preselected passkey based on the credentialId. This is the bug.
3 Replies
- 1P_Dave
Moderator
Hello gareycb! 👋
Thank you for reporting the issue and for the very clear reproduction steps! I see the same behaviour on my end and I've reported the issue to our development team who will investigate this further.
Out of curiosity, have you tested any other third-party password managers (not Apple Passwords) and found that they suggested the appropriate passkey using your reproduction steps?
-Dave
#39715
I have not, but I will try Bitwarden. Might be a few days until I get back to you.
Note that this is a regression as this is a common flow in our application where users have multiple passkeys with the same name. We have only noticed this bug within the past week or so.
Additionally, you can try the same repro steps as above, but use iOS's Passwords app as your default autofill and everything works normally as expected.
