Providing one-time passcodes to AutoFill
Help people efficiently perform multifactor authentication.
Overview
Many online services rely on one-time passcodes (OTPs), particularly time-based one-time passcodes (TOTP), as an additional factor when someone authenticates with the service. For example, a website might ask someone to provide their username, a password which the person knows, and a TOTP generated by the person’s authenticator app to enter the site.
Your credential provider extension can supply OTPs to AutoFill so that people can automatically fill out passcodes in apps and on websites. Someone can configure multiple credential providers in Settings so that different apps supply their passwords and OTPs in AutoFill.
Indicate that your extension provides OTPs
Open your credential provider extension’s information property list file in Xcode and add a key to the ASCredentialProviderExtensionCapabilities dictionary. Set the key’s name to ProvidesOneTimeCodes, and its value to the Boolean true.
Respond to system requests for OTP AutoFill
The system calls your credential provider view controller’s provideCredentialWithoutUserInteraction(for:) method with a request type of ASCredentialRequestType.oneTimeCode to request an OTP. If your credential provider extension can provide the code without presenting UI, call completeOneTimeCodeRequest(using:completionHandler:) to supply the text to the system.
Otherwise, if your credential provider extension needs to present UI to provide the OTP, call cancelRequest(withError:). Use the error domain ASExtensionErrorDomain, and the code ASExtensionError.Code.userInteractionRequired. The system calls prepareInterfaceToProvideCredential(for:). In your implementation, present the UI you need for someone to choose the OTP for the request. Call completeOneTimeCodeRequest(using:completionHandler:) to supply the text to the system, or cancelRequest(withError:) to inform the system if an error occurs.
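The following is an added example, not Apple's sample code: it shows the no-UI path described above, computing an RFC 6238 code and cancelling with userInteractionRequired when the secret is not yet available. The TOTPSecretStore protocol, the store property, the class name and the HMAC-SHA1, 30-second, 6-digit parameters are assumptions that the page does not specify.

```swift
import AuthenticationServices
import CryptoKit
import Foundation

// Hypothetical vault interface (not an Apple API): returns the TOTP shared
// secret for a record, or nil while the vault is locked or the record is unknown.
protocol TOTPSecretStore {
    func secret(forRecord recordIdentifier: String?) -> Data?
}

// RFC 6238 TOTP with assumed common defaults: HMAC-SHA1, 30-second step, 6 digits.
func totp(secret: Data, at date: Date = Date(), step: UInt64 = 30, digits: Int = 6) -> String {
    let counter = (UInt64(date.timeIntervalSince1970) / step).bigEndian
    let message = withUnsafeBytes(of: counter) { Data($0) }
    let mac = Array(HMAC<Insecure.SHA1>.authenticationCode(for: message,
                                                           using: SymmetricKey(data: secret)))
    // Dynamic truncation (RFC 4226): low nibble of the last byte selects 4 bytes.
    let offset = Int(mac[mac.count - 1] & 0x0f)
    let binary = mac[offset...offset + 3].reduce(UInt32(0)) { ($0 << 8) | UInt32($1) } & 0x7fff_ffff
    let value = String(binary % UInt32(pow(10, Double(digits))))
    return String(repeating: "0", count: digits - value.count) + value
}

@available(iOS 18.0, *)
final class CredentialProviderViewController: ASCredentialProviderViewController {
    var store: TOTPSecretStore?   // hypothetical; injected by the extension

    override func provideCredentialWithoutUserInteraction(for credentialRequest: any ASCredentialRequest) {
        guard credentialRequest.type == .oneTimeCode else {
            return cancel(.failed)   // other request types are out of scope for this example
        }
        // Answer silently only when the secret is already available. A locked
        // vault has to be unlocked in UI, so cancel with userInteractionRequired
        // and let the system call prepareInterfaceToProvideCredential(for:).
        let recordID = credentialRequest.credentialIdentity.recordIdentifier
        guard let secret = store?.secret(forRecord: recordID) else {
            return cancel(.userInteractionRequired)
        }
        let credential = ASOneTimeCodeCredential(code: totp(secret: secret))
        extensionContext.completeOneTimeCodeRequest(using: credential, completionHandler: nil)
    }

    private func cancel(_ code: ASExtensionError.Code) {
        extensionContext.cancelRequest(withError: NSError(domain: ASExtensionErrorDomain,
                                                          code: code.rawValue))
    }
}
```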
Provide a list of available OTPs
When someone uses a text field to complete an OTP using AutoFill, they can tap a button to see a list of all available OTPs. The system calls prepareOneTimeCodeCredentialList(for:) to get the list of OTPs from your extension, then presents your controller.