I'm trying to make a good UX for allowing a user to refresh their authentication with a public-private key via the public-private key functions in AuthenticationServices. I would like to only show a "sign in with passkey" button if there are passkeys set up on the device for my relying party ID. My server can tell me whether keys exist for the user, but not whether keys exist on this particular device.
Is there any way to query the list of public-private keys? I just need an ID and a relying party ID, not access to the key itself.
I have tried querying the keychain using SecItemCopyMatching with a variety of parameters, but this does not seem to include any public-private passkey pairs. It doesn't look like the documentation or Apple's public-private key sample app includes any way of querying passkeys, but I just want to make sure I'm not missing something.