How does an app know that the passkey is saved in 1Password?

Damnatus
Community Member
edited January 10 in iOS

Hi,

I just added the Amazon passkey via their app (to check if it works with the app, since there were issues with that (re: PayPal) prior to iOS 17.2) and noticed that it (the Amazon app) automatically labeled the saved passkey as "1Password".

  1. Now I'm curious how it knows that I saved it there. Either it's in the passkey (WebAuthn) specification or Apple requires this info to be made visible to the apps. Looking forward to the enlightening answer from the 1P folks, as you're usually pretty good at breaking down the technical complexities without oversimplifying things into inaccuracies.

  2. I’m also curious if that allows apps to have more info about the item or even vault (I don’t think so, but it would be nice to have it written out) and

  3. if the app could deny certain providers based on their denylist.



Comments

  • Hello @Damnatus! 👋

    Thank you for the question! Passkeys contain an Authenticator Attestation Global Unique Identifier (AAGUID) which declares that a passkey was created using a certain provider. Services can use the AAGUID to label the passkeys that you create (for example, by labeling them as "1Password") in order to improve the user experience with that service.

    Apps don't have access to any information that you've saved in 1Password, nor do they have access to any information about the vault that you've saved the item in.

    I believe that some services already use the AAGUID to specify what kind of providers can be used with their service. For example, both Microsoft Entra and Okta allow you to add approved authenticators by AAGUID.

    I hope that helps! 🙂

    -Dave

  • Damnatus
    Community Member

    Yes, this helps! It is a prime example of the high-quality support at 1Password, and of your skill specifically in writing an answer that is succinct but comprehensive and includes the keyword(s) to give an entry point for further research if wanted.

    Thank you @Dave_1P!

  • Thank you for the kind words, I'm happy to help. 🙂

    -Dave

  • gussic
    Community Member
    edited March 4

    Hey @Dave_1P

    Sorry, possibly a bit of a cross-post, but do you know what 1Password's AAGUID is? Or where we'd find it?
    I understand from the post here that we need to specifically allow 1Password's AAGUID in the Microsoft Entra Admin Centre for Passkeys to be enrolled (when support starts rolling out from mid-March 2024).

    EDIT:

    Sorry, as is always the way, you find the information you think you are looking for, right after you post!

    @Dave_1P can you please confirm 1Password's AAGUID is:

    bada5566-a7aa-401f-bd96-45619a55120d

    I sourced it from here, hopefully it's still accurate/current.

    Cheers

  • Dave_1P

    @gussic

    Thanks for the ping. That looks correct, 1Password's AAGUID is the following:

    bada5566-a7aa-401f-bd96-45619a55120d

    Let me know if there's anything else that I can help you with. 🙂

    -Dave
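
What a service does with the AAGUID discussed in the answers above, as an added example that is not part of the thread and not 1Password's, Amazon's, Microsoft's or Okta's code: it reads the 16-byte AAGUID out of the WebAuthn authenticator data returned at registration, maps it to a display label, and optionally checks it against an allowlist. The function names, the `example.com` RP ID and the sample bytes are constructed for illustration; the byte offsets follow the WebAuthn authenticator data layout.

```python
import hashlib
import struct
import uuid

# AAGUID confirmed in the thread above; the label mirrors what a service might display.
ONEPASSWORD = uuid.UUID("bada5566-a7aa-401f-bd96-45619a55120d")
KNOWN_PROVIDERS = {ONEPASSWORD: "1Password"}
FLAG_AT = 0x40  # flags bit 6: attested credential data is present


def extract_aaguid(auth_data: bytes):
    """Return the AAGUID from WebAuthn authenticator data, or None if absent."""
    # Fixed header: rpIdHash (32 bytes) | flags (1) | signCount (4) = 37 bytes.
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than the 37-byte header")
    if not auth_data[32] & FLAG_AT:
        return None  # e.g. a login assertion, which carries no AAGUID
    # Attested credential data: AAGUID (16) | credentialIdLength (2) | id | key.
    if len(auth_data) < 55:
        raise ValueError("AT flag set but attested credential data is truncated")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past the end of the data")
    return uuid.UUID(bytes=auth_data[37:53])


def classify(auth_data: bytes, allowlist=None):
    """Return (display_label, permitted) for a registration's authenticator data."""
    aaguid = extract_aaguid(auth_data)
    if aaguid is None:
        return ("no AAGUID present", False)
    label = KNOWN_PROVIDERS.get(aaguid, "Unknown provider")
    # allowlist=None means the service only labels and does not restrict.
    return (label, allowlist is None or aaguid in allowlist)


def build_sample(aaguid: uuid.UUID, cred_id: bytes = b"\x01" * 16) -> bytes:
    """Constructed authenticator data for the demo, not a captured registration."""
    rp_id_hash = hashlib.sha256(b"example.com").digest()  # placeholder RP ID
    flags = 0x01 | 0x04 | FLAG_AT  # user present, user verified, AT
    cose_key = b"\xa0"  # placeholder (empty CBOR map); the key is not parsed here
    return (rp_id_hash + bytes([flags]) + struct.pack(">I", 0) + aaguid.bytes
            + struct.pack(">H", len(cred_id)) + cred_id + cose_key)


if __name__ == "__main__":
    print(classify(build_sample(ONEPASSWORD), allowlist={ONEPASSWORD}))
```

Unless the service also verifies an attestation statement, the AAGUID is a value the provider reports about itself, so it suits labelling and policy hints rather than proof of where the key is stored.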