I'm developing a passkey manager using ASCredentialProviderViewController. I've set a custom AAGUID in the attestation object during registration:
let aaguid = Data([
0xec, 0x78, 0xfa, 0xe8, 0xb2, 0xe0, 0x56, 0x97,
0x8e, 0x94, 0x7c, 0x77, 0x28, 0xc3, 0x95, 0x00
])
However, when I test on webauthn.io, the relying party receives:
- AAGUID: 00000000-0000-0000-0000-000000000000
- Provider Name: "iCloud Keychain"
It appears that macOS overwrites the AAGUID to all zeros for third-party Credential Provider Extensions.
This makes it impossible for relying parties to distinguish between different passkey providers, which is one of the key purposes of AAGUID in the WebAuthn specification.
Is this expected behavior? Is there a way for third-party Credential Provider Extensions to use their own registered AAGUID?
Environment:
- macOS 26.2
- Xcode 26.2