Prerequisites
Before integrating passkey registration, ensure the following prerequisites are met. You may proceed to the Passkey Registration section if you have already configured the associated domains and the app site association file.
Associated Domains Entitlement
Your app must have the Associated Domains capability enabled. This allows your app to access passkeys stored in the user’s iCloud Keychain. Ensure that your domain supports HTTPS and is properly configured.
- In Xcode, select your project and navigate to the Signing & Capabilities tab.
- Click the + Capability button and add Associated Domains.
- Add your domain to the Associated Domains section, prefixed with webcredentials:. For example:
Apple App Site Association File
Your domain must host an apple-app-site-association file that specifies the app identifiers allowed to access credentials. The file should be available at:
Replace <your-app-prefix> and <your-app-bundle-id> with your actual App ID prefix and bundle identifier.
Passkey Registration
Once the prerequisites are in place, you can proceed to implement passkey registration using PasskeyManager.
1
Import Required Modules
At the top of your ViewController or relevant class, import the necessary modules:
ViewController.swift
2
Initialize PasskeyManager
Create an instance of PasskeyManager, providing the Relying Party Identifier and the presentation anchor.
ViewController.swift
3
Set Up User Interface
Implement a method to initiate passkey registration, typically triggered by a user action such as tapping a button.
The PasskeyManager requires two parameters:
- rpId: The relying party identifier, typically your domain. This must match the domain configured in the Associated Domains entitlement and the apple-app-site-association file.
- presentationAnchor: The window in which the authentication services will present UI, usually obtained from view.window.
ViewController.swift
4
Register for Notifications
To handle the results of the passkey registration process, register for the relevant notifications provided by PasskeyManager.
ViewController.swift
5
Cleanup
Remove the observers when they are no longer needed to avoid memory leaks.
ViewController.swift
6
Implement Notification Handlers
Define the methods that handle the passkey registration outcomes.
ViewController.swift
Sign Up New User
After successful passkey registration, use the PasskeyRegistrationResult to sign up a new user by creating a sub-organization using the TurnkeyClient from the TurnkeySDK.
1
Initialize TurnkeyClient with Proxy
When handling the completion of passkey registration, set up the TurnkeyClient with a proxy server URL using the ProxyMiddleware. This configuration is essential for situations where the parent organization’s API keys are required to authenticate requests for creating a sub-organization. Your backend should relay the request to the Turnkey API, ensuring it is authenticated with the parent organization’s API keys.
ViewController.swift
The middleware adds an X-Turnkey-Request-Url header to each request, which contains the original request URL. For more details, see the Proxy Middleware guide.
2
Attestation Object
Construct the attestation object using the PasskeyRegistrationResult.
ViewController.swift
3
Define Parameters
Set up the necessary parameters for the sub-organization and root user. We’ll use the passkeyRegistrationResult we received in the previous step to create a passkey authenticator for this new sub-organization.
ViewController.swift
4
You can find more information about the optional parameters in the Organization Features section of the documentation.
5
Create Sub-Organization
Use the TurnkeyClient to create the sub-organization with the provided parameters.
ViewController.swift
6
Handle the Response
Process the response from the createSubOrganization call to retrieve information about the new sub-organization and root users.
ViewController.swift
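The proxy from step 1 of Sign Up New User signs what it relays with the parent organization’s API keys, so the backend should decide for itself which upstream URL it accepts from the X-Turnkey-Request-Url header. The following is an added example, not code from this guide or from the Turnkey SDK: a Python check a backend could run on that header before signing. The host api.turnkey.com, the create_sub_organization path and all function names are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumptions of this example (not from the guide): the upstream API host and
# the one endpoint path this proxy is willing to sign with parent-org keys.
ALLOWED_HOST = "api.turnkey.com"
ALLOWED_PATHS = {"/public/v1/submit/create_sub_organization"}
HEADER = "x-turnkey-request-url"  # header name from the guide, case-folded


class ForwardRejected(ValueError):
    """The request must not be signed and relayed."""


def resolve_forward_url(headers: dict) -> str:
    """Return the upstream URL to sign and forward, or raise ForwardRejected."""
    # Header names are case-insensitive; refuse missing or duplicated values.
    values = [v for k, v in headers.items() if k.lower() == HEADER]
    if len(values) != 1:
        raise ForwardRejected("expected exactly one X-Turnkey-Request-Url")
    raw = values[0]
    # Parsers disagree on whitespace, control characters and backslashes.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in raw):
        raise ForwardRejected("illegal character in URL")
    try:
        parts = urlsplit(raw)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise ForwardRejected(f"unparsable URL: {exc}") from exc
    if parts.scheme != "https":
        raise ForwardRejected("scheme must be https")
    if parts.username is not None or parts.password is not None:
        raise ForwardRejected("userinfo is not allowed")
    if parts.hostname != ALLOWED_HOST or port not in (None, 443):
        raise ForwardRejected("host is not the expected API host")
    if parts.path not in ALLOWED_PATHS:
        raise ForwardRejected("endpoint is not allowed through this proxy")
    if parts.query or parts.fragment:
        raise ForwardRejected("query string and fragment are not allowed")
    # Rebuild from validated parts instead of echoing the client's string.
    return f"https://{ALLOWED_HOST}{parts.path}"


def is_forwardable(headers: dict) -> bool:
    """Boolean wrapper for callers that only need an allow/deny decision."""
    try:
        resolve_forward_url(headers)
    except ForwardRejected:
        return False
    return True
```

The backend would sign and send the request to the returned URL only, and answer with an error when ForwardRejected is raised.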