WebAuthn PRF extension reports true despite no hmac-secret authenticator extension

Safari & Web General
philomathic_life
philomathic_life OP
Created Apr ’25
Replies 1
Boosts 0
Views 57
Participants 1

When creating a passkey with the PRF extension on an iPhone 15 Pro Max using Safari on iOS 18.4.1, PublicKeyCredential.getClientExtensionResults reports true; however there is no hmac-secret extension in the authenticator data as required by WebAuthn Level 3.

Replies  1
Boosts  0
Views  57
Participants  1
philomathic_life
philomathic_life OP
Apr ’25
Accepted Answer

The WebAuthn spec is being fixed to make it clear that hmac-secret is in fact not required. Please close this.

0
WebAuthn PRF extension reports true despite no hmac-secret authenticator extension
First post date Last post date
 
 
Q