tauri icon indicating copy to clipboard operation
tauri copied to clipboard

Published 20 hours ago verified publisher icon tauri-apps

[bug] Allow Passkeys auth support in WebView

Open nikitavoloboev opened this issue 2 years ago • 2 comments

Describe the bug

Currently if you try use any Passkey auth feature with Tauri it will not work.

For example users of my Tauri app where I had auth page managed by Hanko will seen an error.

I did not find any issue related to Passkeys and Tauri so this is one.

nikitavoloboev avatar Sep 30 '23 17:09 nikitavoloboev

I did some tests with Hanko's components, Windows, macOS, and iOS would work, but Linux seemed to lack some WebAPI to do the authentication.

Passkeys on the macOS requires setup Associated Domain Entitlement on both the client and server side. You will need to codesign your tauri app with the entitlements to make it work.

pewsheen avatar Oct 05 '23 03:10 pewsheen

I'm trying to do this too and using @pewsheen 's suggestion am still running into an issue adding the entitlements.

I think I need a Info.plist like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>com.apple.developer.web-browser.public-key-credential</key>
    <true/>
  </dict>
</plist>

And then do a full pnpm tauri build which does create a .dmg and .app, however when the entitlements are set in tauri.conf.json I get the same error previously reported where the app is not able to be opened.

I thought I'd add to this in case the extra context is meaningful, as it would be great to be able to support passkeys within a tauri app.

In case it helps, here's my environment:

[✔] Environment
    - OS: Mac OS 14.3.0 X64
    ✔ Xcode Command Line Tools: installed
    ✔ rustc: 1.77.1 (7cf61ebde 2024-03-27)
    ✔ cargo: 1.77.1 (e52e36006 2024-03-26)
    ✔ rustup: 1.27.0 (bbb9276d2 2024-03-08)
    ✔ Rust toolchain: stable-aarch64-apple-darwin (default)
    - node: 18.17.1
    - pnpm: 8.15.4
    - yarn: 1.22.19
    - npm: 9.6.7

[-] Packages
    - tauri [RUST]: 1.2.2
    - tauri-build [RUST]: 1.2.1
    - wry [RUST]: 0.23.4
    - tao [RUST]: 0.15.8
    - tauri-cli [RUST]: 2.0.0-beta.12
    - @tauri-apps/api [NPM]: 1.5.6
    - @tauri-apps/cli [NPM]: 1.5.14

[-] App
    - build-type: bundle
    - CSP: unset
    - distDir: ../build
    - devPath: http://localhost:1420/
    - framework: Svelte
    - bundler: Rollup

One lingering question I also have is...if I do get this to work would it mean that I have to make a full build each time in order to test the app? When I call the passkey function now in dev it doesn't pop up like it does in a standard browser, hence me trying to build, etc...

mankins avatar Jun 25 '24 23:06 mankins

Any luck on this

iskng avatar Apr 02 '25 01:04 iskng

Any luck on this

@iskng I ended up giving up for now. So not from me.

mankins avatar Apr 02 '25 09:04 mankins

It's impossible to do currently with current WebView, it's limitation from WebKit team.

Current best auth flow for Tauri is OAuth flow with url based token from what I understand.

Or Google/GitHub/.. OAuth. Those somehow work inside WebView too.

nikitavoloboev avatar Apr 02 '25 09:04 nikitavoloboev