To use passkeys, you need to place the correct AASA file on the web server and add an entry in the Entitlements.plist, for example webcredentials:mydomain.com.
This is clear so far, but I would like to ask if it's possible to set this webcredentials in a different way in the app?
The reason for this is that we are developing a native app and our on-premise customers have their own web servers. We cannot know these domains in advance, so creating a dedicated app for each customer is not an option for us.
Thank you for your help!
I would like to ask if it's possible to set this webcredentials in a different way in the app?
No. The associated domain feature is based on entitlements which are in turn authorised by a provisioning profile. These are baked into your app when you build it. There’s no way to provide equivalent information at runtime.
The reason for this is that we are developing a native app and our on-premise customers have their own web servers.
Keep in mind that the AASA file must be placed on a public webserver so that it can be accessed by the Apple CDN. That limits your options when it comes to associated domain choices.
If your app is commonly deployed to managed environments, you might consider other authentication options. I’m a huge fan of the recently released ManagedApp framework. For a quick intro, watch WWDC 2025 Session 203 Get to know the ManagedApp Framework. But there’s also enterprise SSO.
IMPORTANT As an app developer you don’t need to do anything to support enterprise SSO. Rather, you just make URLSession calls and things just work. For more, see Intro to Single Sign-on with Apple devices in Apple Platform Deployment.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
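An added example, not part of the thread and not Apple's code: a Python check that a domain's AASA document authorises a given app for `webcredentials`, and that the same domain appears in the app's build-time associated-domains list. The app identifier, the sample AASA text and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample: the JSON a server would return from
# https://<domain>/.well-known/apple-app-site-association
SAMPLE_AASA = '{"webcredentials": {"apps": ["ABCDE12345.com.example.app"]}}'

# Assumption: identifiers look like <10-char prefix>.<bundle id>
APP_ID_RE = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9.-]+$")

def webcredentials_domains(entitlement_values):
    """Domains named by 'webcredentials:<domain>' entries in the entitlement list."""
    domains = []
    for value in entitlement_values:
        service, _, rest = value.partition(":")
        if service == "webcredentials" and rest:
            # Drop any query suffix after the domain
            domains.append(rest.split("?", 1)[0].lower())
    return domains

def check_aasa(aasa_text, app_id):
    """Return a list of problems; an empty list means app_id is authorised."""
    try:
        doc = json.loads(aasa_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    section = doc.get("webcredentials") if isinstance(doc, dict) else None
    if not isinstance(section, dict):
        return ["no 'webcredentials' object"]
    apps = section.get("apps")
    if not isinstance(apps, list) or not apps:
        return ["'webcredentials.apps' is missing or empty"]
    problems = [f"malformed app identifier: {a!r}" for a in apps
                if not isinstance(a, str) or not APP_ID_RE.match(a)]
    if app_id not in apps:
        problems.append(f"{app_id} is not listed in 'webcredentials.apps'")
    return problems

if __name__ == "__main__":
    built_in = webcredentials_domains(["webcredentials:mydomain.com"])
    print("domains fixed at build time:", built_in)
    print("AASA problems:", check_aasa(SAMPLE_AASA, "ABCDE12345.com.example.app"))
```

A customer domain that passes `check_aasa` but is absent from the list returned by `webcredentials_domains` still cannot be used, because that list is fixed when the app is built.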