
I am currently investigating the idea of implementing FIDO2 (WebAuthN) support in native iOS using Swift. I understand that there is no FIDO2 support in native iOS, and that it is only available through the native Safari app, but Safari is not an option that I'm currently considering.

The idea is to implement FIDO2 interfaces following the spec and utilize Secure Enclave for the key store and perform user authentication through Local Authentication.

From my understanding, if we use Secure Enclave and some crypto libraries, either CryptoKit or third-party, I should be able to implement the FIDO2 interfaces natively. I see that there are only two libraries available in iOS:

  1. yubikit-ios: using Yubico's secure key as key store
  2. WebAuthnKit-iOS: using Secure Enclave as key store; implemented natively but not actively maintained at the moment. It follows the spec, but with some missing pieces.

I was trying to validate the approach with the FIDO Alliance, but they are skeptical simply due to the lack of native API support from Apple. Apple seems to be currently working on this item, but it's not official, and there is no confirmed date. Plus, I would like to support older versions of iOS.

For those of you who are security experts and FIDO2 compliance experts, does it make sense to implement this natively? Or do we see any major/critical issues implementing FIDO2 using Secure Enclave?

Any thoughts and suggestions are appreciated!

Go James

1 Answer


With iOS 15, this is now possible using a new API. It supports both platform (Apple calls these "pass keys" and actually shares them via iCloud Keychain) and portable authenticators.

As you mention, for earlier iOS versions that allow NFC reader access, it's possible to implement CTAP2 over ISO 14443 in the app itself.

Note that there are some security implications around domain binding of attestations in the SDK approach (since apps essentially get unfiltered authenticator access in that scenario, rather than being limited to an authenticated domain as in the native API or WebAuthN).

Given those concerns, I'm not sure whether Apple would still grant the NFC API entitlement for the FIDO AID.

lxgr
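As an added illustration of the iOS 15 API the answer refers to (example code written for this page, not from the question or answer author), the following registers a credential with either a platform authenticator (passkey) or a portable security key in one ceremony. The relying party identifier `example.com`, the `challenge` and `userID` values, and the `RegistrationResult` type are assumptions; the RP ID is bound to the app through its Associated Domains entitlement, which is the domain-binding property the answer contrasts with raw authenticator access.

```swift
import AuthenticationServices

/// Hypothetical relying party. The app must also declare it under Associated Domains
/// (webcredentials:example.com); otherwise the OS rejects the request.
let relyingPartyID = "example.com"

/// What the RP server needs to verify the ceremony (hypothetical container).
struct RegistrationResult {
    let credentialID: Data
    let clientDataJSON: Data
    let attestationObject: Data?
}

@available(iOS 15.0, *)
final class PasskeyRegistration: NSObject, ASAuthorizationControllerDelegate,
                                 ASAuthorizationControllerPresentationContextProviding {
    private let anchor: ASPresentationAnchor
    private(set) var result: RegistrationResult?

    init(anchor: ASPresentationAnchor) { self.anchor = anchor }

    /// Starts registration. `challenge` and `userID` must come from the RP server;
    /// the server later checks that clientDataJSON echoes this challenge and its origin.
    func register(username: String, challenge: Data, userID: Data) {
        let platform = ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier: relyingPartyID)
        let passkeyRequest = platform.createCredentialRegistrationRequest(
            challenge: challenge, name: username, userID: userID)

        let securityKey = ASAuthorizationSecurityKeyPublicKeyCredentialProvider(relyingPartyIdentifier: relyingPartyID)
        let keyRequest = securityKey.createCredentialRegistrationRequest(
            challenge: challenge, displayName: username, name: username, userID: userID)
        keyRequest.credentialParameters = [ASAuthorizationPublicKeyCredentialParameters(algorithm: .ES256)]

        // Offering both requests lets the user pick a passkey or an NFC/USB security key.
        let controller = ASAuthorizationController(authorizationRequests: [passkeyRequest, keyRequest])
        controller.delegate = self
        controller.presentationContextProvider = self
        controller.performRequests()
    }

    func authorizationController(controller: ASAuthorizationController,
                                 didCompleteWithAuthorization authorization: ASAuthorization) {
        switch authorization.credential {
        case let cred as ASAuthorizationPlatformPublicKeyCredentialRegistration:
            result = RegistrationResult(credentialID: cred.credentialID,
                                        clientDataJSON: cred.rawClientDataJSON,
                                        attestationObject: cred.rawAttestationObject)
        case let cred as ASAuthorizationSecurityKeyPublicKeyCredentialRegistration:
            result = RegistrationResult(credentialID: cred.credentialID,
                                        clientDataJSON: cred.rawClientDataJSON,
                                        attestationObject: cred.rawAttestationObject)
        default:
            result = nil  // unexpected credential type; treat as failure
        }
    }

    func authorizationController(controller: ASAuthorizationController, didCompleteWithError error: Error) {
        result = nil  // cancelled or failed; the RP must not accept a weaker factor silently
    }

    func presentationAnchor(for controller: ASAuthorizationController) -> ASPresentationAnchor { anchor }
}
```

The attestation object and clientDataJSON are verified on the server side against the expected RP ID and challenge; the app itself never sees the private key, which stays in the Secure Enclave or on the security key.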