Docs

Known Issues

Last modified on September 24, 2025 • 2 min read • 295 words
Share via
A list of known issues with passkey implementations
Passkey Metadata   Samsung Pass   User Verification  

Passkey Metadata  

Samsung Pass  

According to Samsung documentation ( source), Samsung Pass creates synced passkeys which are available on other devices where Samsung Pass is installed.

During testing on 2024-09-05, it was observed that passkeys created in Samsung Pass return the backup eligible flag as false, signaling a device-bound passkey.

Test device details:

  • Galaxy S22
  • Android 14 (UP1A.231005.007.S901USQS6EXG8)
  • One UI 6.1
  • Samsung Pass 4.4.02.7

View decoded details

{
  "id": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
  "rawId": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
  "response": {
    "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIgWXza-be0D1PEO71VmL0sK0vsFL23vXmuEWsIMDC630cCIQDI94Li83tC9ObYsl_KLeetJYJF1LYhX4P4-LrPleUQJmN4NWOBWQJoMIICZDCCAgigAwIBAgIJAPV8v0W8CvhMMAwGCCqGSM49BAMCBQAwgaYxHzAdBgNVBAMTFlNhbXN1bmcgRWxlY3Ryb25pY3MgQ0ExHDAaBgNVBAoTE1NhbXN1bmcgRWxlY3Ryb25pY3MxFzAVBgNVBAsTDlNhbXN1bmcgTW9iaWxlMRMwEQYDVQQHEwpTdXdvbiBjaXR5MQswCQYDVQQGEwJLUjEqMCgGCgmSJomT8ixkAQEMGlNhbXN1bmdEZXZpY2VSb290Q0FLZXlfRUNDMB4XDTIzMDkxOTA1NDkxNFoXDTQzMDkxNDA1NDkxNFowfzELMAkGA1UEBhMCS1IxHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ryb25pY3MxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xLjAsBgNVBAMMJVNhbXN1bmcgRWxlY3Ryb25pY3MgRklETzIgQXR0ZXN0YXRpb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQZokK4d5QdhN9fFJTb_T206U1WmxQRCJbqb-UCaq9siPVKBA6TaSrPCIU8GjeXbUa85FYYH6EMWh_QOnNjQWWbo0MwQTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIGwDAhBgsrBgEEAYLlHAEBBAQSBBBTQU1TVU5HAAAAAAAAAAAAMAwGCCqGSM49BAMCBQADSAAwRQIhAIBCXe_4AlECip2G3nTS0GrRtIHbaVW_0hLy8ys3EdyoAiAETMcz76gqzLoHQODkkk_nbSEu0WAGPh7bK3Y-1m6uZWhhdXRoRGF0YVikdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiaGJBaUtkcE5YOTBFYVlZTlAtaVFTbjBGTGlHSnFCUFdUQUJEbkI4ZnhxenNpQzdxNlYxUUNJcUZMTlVwdTBMQWx5WHMxaE1ETFhOVld6N0hOQl8wanciLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
    "transports": [
      "hybrid",
      "internal"
    ],
    "publicKeyAlgorithm": -7,
    "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETkdAOwTRnQqt68SbrvAXA3jej0HyE1CCXdUhb6K5pMzcE9pn7rxH0TR2X6-IpB2MsH_tBj3NZ08PXVig_TRPgg",
    "authenticatorData": "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I"
  },
  "type": "public-key",
  "clientExtensionResults": {
    "credProps": {
      "rk": true
    }
  },
  "authenticatorAttachment": "platform"
}

User Verification  

The following list of passkey providers have not implemented User Verification in a spec-compliant manner.

ProviderArchitectureuv=requireduv=preferred
1PasswordExtension❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
1PasswordNative✅ Performs UV✅ UV flag accurate
BitwardenExtension❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
KeepassXCExtension❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
Okta PersonalExtension❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
Okta PersonalNative✅ Performs UV✅ UV flag accurate
Proton PassExtension❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
Proton PassNative❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV
StrongboxNative❌ Handles request without performing UV, sets UV true❌ Sets UV true without performing UV

Architecture: Extension = web browser extension, Native = OS native app using provider APIs

On this page: