I have an Autofill Passkey Provider working for Safari and Chrome via WebAuthn protocol. Unfortunately, Chrome will not offer my extension as a logon credential provider unless I add the credential to the ASCredentialIdentityStore. I wonder what is the best way to access the ASCredentialIdentityStore from an AutoFill extension? I understand I cannot access it directly from the extension context, so what is the best way to trigger my container app to run, based on a new WebAuthn registration? The best I can think of so far is for the www site to provide an App Link to launch my container app as part of the registration ceremony. Safari will offer my extension even without adding it to the ASCredentialIdentityStore, so I guess I should file a request with Chrome to work this way too, given difficulty of syncing ASCredentialIdentityStore with WebAuthn registration.

On iOS when I run my Autofill extension target from Xcode and attach to Safari, Swift print() statements appear in the Xcode console log. If I run the same extension on MacOS Sequoia, no log messages appear. The header strip in the debugger area remains blank. Anyone know how to see these log messages? In both cases, the scheme is set to Debug build, and "Debug Executable" is not selected. In fact, for iOS the "Debug Executable" is grayed out. When I set Debug Executable on the MacOS run, I get failure to attach with a warning about permission to debug Safari.

I am using TLS 1.2 mutual authentication with Apache www server and self-signed CA. The authentication works fine, except iOS and MacOS ignore the "Acceptable client certificate CA names" returned by the server in the CertificateRequest. On my iOS app, I see empty distinguishedNames field on the AuthenticationChallenge, and on MacOS Safari I am given a choice of all installed user certificates. Detailed logging on Apache shows it is writing the CertificateRequest. Logging is raw so I can't see what all the encoded parameters are, but see the right ASCII for subject, etc. Are some special certificate attributes needed? I have: X509v3 Basic Constraints:  CA:TRUE