workaround can be found in this discussion: https://developer.apple.com/forums/thread/787629

I have the same issue as well. It seems a bug at Apple side

Hi DTS Engineer, Is there any update?

Hi something_goes_here, Thank you for try. Correct, it is working if computer has IPv6 ip. My problem is that following not working: https://app-site-association.cdn-apple.com/a/v1/qa-jen.noknoktest.com This expected to return the same file but from Apple CDN.

Hello, Thank you for reply. Can you please confirm that computer where you run curl command has IPv6 address? As I mentioned before, this server/domain is IPv6 only. In order to reach to it the client computer need to have IPv6 address. The output for curl you shared is indication that computer has no IPv6 address. When you will try from the network/computer where IPv6 enabled then you will get the content of AASA file. I confirm that https://qa-jen.noknoktest.com is publicly accessible. Thank you in advance, Arsen

Is there any feedback from Apple developers? I need this issue addressed ASAP.

We filed a ticket to Apple, and they say that it is their issue and they working on it. The suggested workaround was to set minimumOSVersion in frameworks to higher or equal to application version. We created a script which will modify the Info.plist files in our shipped static frameworks and providing it to our customers, so they can run and set the version matching to their application target.

The similar issue we facing is connected with static frameworks. The SPM in XCode 15.3 embedding static frameworks and causing validation issue. The workaround suggested by Apple is to set minimum OS version for that frameworks higher than/ or equal to application minimum OS version. Another workaround is to add run script build phase in application target to delete the static frameworks from .app/Frameworks like following: rm -rf "${TARGET_BUILD_DIR}/${TARGET_NAME}.app/Frameworks/XXXX.framework"

Hi, Actually the ASAuthorizationPlatformPublicKeyCredentialDescriptor has no interface to specify transports. The transports can be specified to Security Key credential only. So the only workaround is to not pass transports to Security Key allow credential.