Title here
Summary here
Known Issues
Passkey Metadata
Samsung Pass
According to Samsung documentation (source), Samsung Pass creates synced passkeys which are available on other devices where Samsung Pass is installed.
During testing on 2024-09-05, it was observed that passkeys created in Samsung Pass return the backup eligible flag as false, signaling a device-bound passkey.
Sample passkey registration from Samsung Pass
Test device details:
- Galaxy S22
- Android 14 (UP1A.231005.007.S901USQS6EXG8)
- One UI 6.1
- Samsung Pass 4.4.02.7
{
"id": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
"rawId": "z6pL5MuQwkXlm8w5ekAiyVOFlNjeQylYhT-7zM7j7WU",
"response": {
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIgWXza-be0D1PEO71VmL0sK0vsFL23vXmuEWsIMDC630cCIQDI94Li83tC9ObYsl_KLeetJYJF1LYhX4P4-LrPleUQJmN4NWOBWQJoMIICZDCCAgigAwIBAgIJAPV8v0W8CvhMMAwGCCqGSM49BAMCBQAwgaYxHzAdBgNVBAMTFlNhbXN1bmcgRWxlY3Ryb25pY3MgQ0ExHDAaBgNVBAoTE1NhbXN1bmcgRWxlY3Ryb25pY3MxFzAVBgNVBAsTDlNhbXN1bmcgTW9iaWxlMRMwEQYDVQQHEwpTdXdvbiBjaXR5MQswCQYDVQQGEwJLUjEqMCgGCgmSJomT8ixkAQEMGlNhbXN1bmdEZXZpY2VSb290Q0FLZXlfRUNDMB4XDTIzMDkxOTA1NDkxNFoXDTQzMDkxNDA1NDkxNFowfzELMAkGA1UEBhMCS1IxHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ryb25pY3MxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xLjAsBgNVBAMMJVNhbXN1bmcgRWxlY3Ryb25pY3MgRklETzIgQXR0ZXN0YXRpb24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQZokK4d5QdhN9fFJTb_T206U1WmxQRCJbqb-UCaq9siPVKBA6TaSrPCIU8GjeXbUa85FYYH6EMWh_QOnNjQWWbo0MwQTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIGwDAhBgsrBgEEAYLlHAEBBAQSBBBTQU1TVU5HAAAAAAAAAAAAMAwGCCqGSM49BAMCBQADSAAwRQIhAIBCXe_4AlECip2G3nTS0GrRtIHbaVW_0hLy8ys3EdyoAiAETMcz76gqzLoHQODkkk_nbSEu0WAGPh7bK3Y-1m6uZWhhdXRoRGF0YVikdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I",
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiaGJBaUtkcE5YOTBFYVlZTlAtaVFTbjBGTGlHSnFCUFdUQUJEbkI4ZnhxenNpQzdxNlYxUUNJcUZMTlVwdTBMQWx5WHMxaE1ETFhOVld6N0hOQl8wanciLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwiY3Jvc3NPcmlnaW4iOmZhbHNlLCJvdGhlcl9rZXlzX2Nhbl9iZV9hZGRlZF9oZXJlIjoiZG8gbm90IGNvbXBhcmUgY2xpZW50RGF0YUpTT04gYWdhaW5zdCBhIHRlbXBsYXRlLiBTZWUgaHR0cHM6Ly9nb28uZ2wveWFiUGV4In0",
"transports": [
"hybrid",
"internal"
],
"publicKeyAlgorithm": -7,
"publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETkdAOwTRnQqt68SbrvAXA3jej0HyE1CCXdUhb6K5pMzcE9pn7rxH0TR2X6-IpB2MsH_tBj3NZ08PXVig_TRPgg",
"authenticatorData": "dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFAAAAAFNBTVNVTkcAAAAAAAAAAAAAIM-qS-TLkMJF5ZvMOXpAIslThZTY3kMpWIU_u8zO4-1lpQECAyYgASFYIE5HQDsE0Z0KrevEm67wFwN43o9B8hNQgl3VIW-iuaTMIlgg3BPaZ-68R9E0dl-viKQdjLB_7QY9zWdPD11YoP00T4I"
},
"type": "public-key",
"clientExtensionResults": {
"credProps": {
"rk": true
}
},
"authenticatorAttachment": "platform"
}User Verification
The following list of passkey providers have not implemented User Verification in a spec-compliant manner.
| Provider | Architecture | UV Required Behavior | UV Flag |
|---|---|---|---|
| 1Password | Extension | ❌ Handles request without UV | ❌ Always replies True |
| 1Password | Native | ✅ Performs UV | ✅ UV flag accurate |
| Bitwarden | Extension | ❌ Handles request without UV | ❌ Always replies True |
| KeepassXC | Extension | ❌ Handles request without UV | ❌ Always replies True |
| Proton Pass | Extension | ❌ Handles request without UV | ❌ Always replies True |
| Proton Pass | Native | ❌ Handles request without UV | ❌ Always replies True |
| Strongbox | Native | ❌ Handles request without UV | ❌ Always replies True |
Architecture:
Extension= web browser extension,Native= OS native app using provider APIs
Last Updated: Sep 13, 2024