I'm currently working on implementing passkey authentication for an Android application, using this documentation: https://developer.android.com/training/sign-in/passkeys#kotlin
For authentication, I'm using the WSO2 identity server, but here's where I'm doing something different. Instead of the app creating the passkey, the WSO2 identity server does it, and I store the passkey on the device.
Here's a weird behavior I'm encountering: the app isn't prompting me for the passkeys registered in the app. Instead, it shows a QR code for signing in with passkeys stored on other devices. After that, I get a GetCredentialCancellationException thrown.
Here are some more details about the process:
I set requestJson to:
{ "challenge":"xxxxxxxxxxx", "allowCredentials":[], "Timeout":1800000, "userVerification": "Required", "rpId":"abc.com" }
Both the challenge and rpId come from the WSO2 identity server.
I'm not setting a digital assets link, as I'm using a separate identity server for authentication.
Can anyone help me debug what I have done wrong here?
Note: keys and values in the JSON are case sensitive, so Timeout and Required are both incorrect.
If you haven't set up the digital asset links, things won't work, so try that first. (I.e. your app will need permission to use credentials from abc.com before things will work.)
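The case-sensitivity point in the answer above can be checked mechanically before the JSON is handed to the Credential Manager call. The following is an added example, not part of the original question or answer: a small linter whose function name `lint_request_json` is hypothetical, with key names and `userVerification` values taken from the WebAuthn Level 2 `PublicKeyCredentialRequestOptions` definition, run over the request exactly as posted in the question.

```python
import json

# Members of PublicKeyCredentialRequestOptions (WebAuthn Level 2).
KNOWN_KEYS = {"challenge", "timeout", "rpId", "allowCredentials",
              "userVerification", "extensions"}
# UserVerificationRequirement enum values (WebAuthn Level 2).
UV_VALUES = {"required", "preferred", "discouraged"}


def lint_request_json(text):
    """Return a list of problems found in a passkey sign-in request JSON string."""
    try:
        options = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(options, dict):
        return ["top level must be a JSON object"]

    problems = []
    by_lower = {k.lower(): k for k in KNOWN_KEYS}
    for key in options:
        if key in KNOWN_KEYS:
            continue
        expected = by_lower.get(key.lower())
        if expected:  # right name, wrong capitalisation
            problems.append(f'key "{key}" has wrong case, expected "{expected}"')
        else:
            problems.append(f'key "{key}" is not a Level 2 request option')

    if "challenge" not in options:
        problems.append('missing required key "challenge"')
    uv = options.get("userVerification")
    if uv is not None and uv not in UV_VALUES:
        fix = uv.lower() if isinstance(uv, str) and uv.lower() in UV_VALUES else None
        problems.append(f"userVerification value {uv!r} is not valid"
                        + (f', expected "{fix}"' if fix else ""))
    timeout = options.get("timeout")
    if timeout is not None and (isinstance(timeout, bool) or not isinstance(timeout, int)):
        problems.append("timeout must be an integer number of milliseconds")
    return problems


# The request as posted in the question (placeholder challenge and rpId).
QUESTION_REQUEST = ('{ "challenge":"xxxxxxxxxxx", "allowCredentials":[], "Timeout":1800000, '
                    '"userVerification": "Required", "rpId":"abc.com" }')

if __name__ == "__main__":
    for problem in lint_request_json(QUESTION_REQUEST):
        print(problem)
```

This only covers the JSON shape; the digital asset links association the answer mentions has to be verified separately.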