What is the status of Webauthn on iOS/Safari?

Question

I am doing a presentation on the FIDO2/Webauthn standard in a few days and I was excited to see this article on Yubico's website stating that Apple has added support for FIDO authentication via NFC like Android has for years. I had a few of my colleagues go to the various Webauthn test sites out there (webauthn.me, webauthn.io etc) on a newer device running iOS 13.1 but they all display errors stating that the browser is not supported (both safari and chrome). Is there something you have to do to enable this functionality or are we waiting for an update from Apple to enable the feature?

Answer 1

We're waiting on this too. What does bode well is the new NFC write support that was added in 13. The WebAuthn JavaScript API is also available in Safari as an experimental feature - it just doesn't do any FIDO2/CTAP2 stuff yet.

I fully expect to see native support (using NFC, Lightning and built-in PIN/Touch/Face ID) in the not too distant future - especially given Apple are on-board with this and the support in desktop Safari is good.

The question is when...

Editted to add 15 Dec 2019:

As of the 10th of Dec 2019 Safari on iOS 13.3 supports second factor (i.e. not usernameless/passwordless) sign in using NFC, Lightning or USB security keys. I've tested this myself using 2 different Yubico keys that support NFC.

Unfortunately it does not look like registration via the WebAuthn API is working at this time. It presents a UI prompt to plug in or tap the key but nothing seems to happen.

There is also no support yet for using the phone itself as a security key via PIN, Touch ID or Face ID.

This is still a significant step and I can only hope that Apple continues to expand the supported featureset.

Article here: https://www.yubico.com/2019/12/native-support-for-webauthn-and-fido-is-finally-here-on-iphones-and-ipads/

Updated to add announcement for Touch and Face ID on iOS:

https://developer.apple.com/videos/play/wwdc2020/10670/

Answer 2

UPDATE: Starting with iOS 13.3, WebAuthn support is added in Safari. WebAuthn compatible security keys using NFC, Lightning or USB should work with current implementations of the API. I have been able to verify this using my Yubikey 5Ci using Lightning.

Original answer: At the moment, there is no support for the WebAuthn API in iOS/iPadOS and there is also no method to enable it. As far as I know, FIDO authentication on iOS currently only works for apps that have integrated it.

On this page you can see exactly what browsers support the WebAuthn API (ar any other web API) at the moment.

Answer 3

Safari with iOS/iPadOS 14 and macOS Big Sur supports WebAuthn with FaceID and TouchID, as announced at the WWDC 2020.