AuthenticationServices macOS xcode16.0 b1

#AuthenticationServices.framework

Rolf

diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationError.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationError.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationError.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationError.h	2024-05-30 08:56:25
@@ -19,6 +19,9 @@
     ASAuthorizationErrorNotHandled = 1003,
     ASAuthorizationErrorFailed = 1004,
     ASAuthorizationErrorNotInteractive API_AVAILABLE(ios(15.0), macos(12.0)) API_UNAVAILABLE(tvos, watchos) = 1005,
+
+    /// This error should only be returned when specifying @c excludedCredentials on a public key credential registration request.
+    ASAuthorizationErrorMatchedExcludedCredential AS_API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) = 1006,
 } API_AVAILABLE(ios(13.0), macos(10.15), tvos(13.0), watchos(6.0));
 
 NS_HEADER_AUDIT_END(nullability, sendability)
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertion.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertion.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertion.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertion.h	2024-05-30 08:56:27
@@ -17,6 +19,8 @@
 @property (nonatomic, readonly) ASAuthorizationPublicKeyCredentialAttachment attachment API_AVAILABLE(macos(13.5), ios(16.6)) API_UNAVAILABLE(tvos, watchos);
 
 @property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput *largeBlob NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(14.0), ios(17.0)) API_UNAVAILABLE(tvos, watchos);
+
+@property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialPRFAssertionOutput *prf NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialAssertionRequest.h	2024-05-30 08:56:27
@@ -19,6 +21,8 @@
 @property (nonatomic, copy) NSArray<ASAuthorizationPlatformPublicKeyCredentialDescriptor *> *allowedCredentials;
 
 @property (nonatomic, nullable) ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput *largeBlob NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(14.0), ios(17.0)) API_UNAVAILABLE(tvos, watchos);
+
+@property (nonatomic, nullable) ASAuthorizationPublicKeyCredentialPRFAssertionInput *prf API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 + (instancetype)new NS_UNAVAILABLE;
 - (instancetype)init NS_UNAVAILABLE;
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialProvider.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialProvider.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialProvider.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialProvider.h	2024-05-30 08:56:27
@@ -21,6 +23,14 @@
     @param userID An identifier to be stored alongside the credential, which will be returned with the credential when it is used to authenticate.
  */
 - (ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest *)createCredentialRegistrationRequestWithChallenge:(NSData *)challenge name:(NSString *)name userID:(NSData *)userID NS_SWIFT_NAME(createCredentialRegistrationRequest(challenge:name:userID:));
+
+/*! @abstract Create a request to register a new platform credential.
+    @param challenge The challenge to sign.
+    @param name The user name for the new credential.
+    @param userID An identifier to be stored alongside the credential, which will be returned with the credential when it is used to authenticate.
+    @param requestStyle The style for this request.
+ */
+- (ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest *)createCredentialRegistrationRequestWithChallenge:(NSData *)challenge name:(NSString *)name userID:(NSData *)userID requestStyle:(ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyle)requestStyle NS_SWIFT_NAME(createCredentialRegistrationRequest(challenge:name:userID:requestStyle:)) API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 /*! @abstract Create a request to authenticate using an existing credential.
     @param challenge The challenge to sign.
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistration.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistration.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistration.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistration.h	2024-05-30 08:56:25
@@ -20,6 +22,8 @@
 @property (nonatomic, readonly) ASAuthorizationPublicKeyCredentialAttachment attachment API_AVAILABLE(macos(13.5), ios(16.6)) API_UNAVAILABLE(tvos, watchos);
 
 @property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput *largeBlob NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(14.0), ios(17.0)) API_UNAVAILABLE(tvos, watchos);
+
+@property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialPRFRegistrationOutput *prf NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.h	2024-05-30 08:56:26
@@ -7,6 +7,23 @@
 
 #import <AuthenticationServices/ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequest.h>
 
+@class ASAuthorizationPublicKeyCredentialPRFRegistrationInput;
+
+typedef NS_ENUM(NSInteger, ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyle) {
+    /// Perform a request using the standard presentation style. This is the default style.
+    ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyleStandard,
+
+    /// Perform a conditional request. This style of request is meant to opportunistically add passkeys to existing
+    /// password-based accounts, at the discretion of the user's credential manager. It should be performed
+    /// shortly after a user has signed in with a password. If the user is using a password and passkey manager,
+    /// and certain internal conditions of that credential manager are met (e.g. the user signed in recently with a
+    /// matching password-based account and does not yet have a passkey for this account), then this request
+    /// may proceed automatically, without further user interaction. If any of the internal conditions are not met,
+    /// this request will return an error without showing any UI to the user, and may be retried the next time they
+    /// sign in.
+    ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyleConditional,
+} NS_SWIFT_NAME(ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest.RequestStyle) API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos) API_UNAVAILABLE(watchos);
+
 AS_HEADER_AUDIT_BEGIN(nullability, sendability)
 
 API_AVAILABLE(macos(12.0), ios(15.0), tvos(16.0)) API_UNAVAILABLE(watchos)
@@ -16,6 +33,10 @@
 - (instancetype)init NS_UNAVAILABLE;
 
 @property (nonatomic, nullable) ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput *largeBlob NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(14.0), ios(17.0)) API_UNAVAILABLE(tvos, watchos);
+
+@property (nonatomic, nullable) ASAuthorizationPublicKeyCredentialPRFRegistrationInput *prf NS_REFINED_FOR_SWIFT API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
+
+@property (nonatomic) ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyle requestStyle API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationResult.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationResult.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationResult.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionAuthorizationResult.h	2024-05-30 08:56:25
@@ -15,11 +15,11 @@
 
 /*! @abstract Authorization succeeded with an authorization tokens stored in HTTP headers.
  */
-- (instancetype)initWithHTTPAuthorizationHeaders:(NSDictionary<NSString *, NSString *> *)httpAuthorizationHeaders  NS_SWIFT_NAME(init(httpAuthorizationHeaders:));
+- (instancetype)initWithHTTPAuthorizationHeaders:(NSDictionary<NSString *, NSString *> *)httpAuthorizationHeaders  NS_SWIFT_NAME(init(httpAuthorizationHeaders:)) API_UNAVAILABLE(watchos, tvos);
 
 /*! @abstract Authorization succeeded with a HTTP response.
  */
-- (instancetype)initWithHTTPResponse:(NSHTTPURLResponse *)httpResponse httpBody:(nullable NSData *)httpBody NS_SWIFT_NAME(init(httpResponse:httpBody:));
+- (instancetype)initWithHTTPResponse:(NSHTTPURLResponse *)httpResponse httpBody:(nullable NSData *)httpBody NS_SWIFT_NAME(init(httpResponse:httpBody:)) API_UNAVAILABLE(watchos, tvos);
 
 /*! @abstract HTTP extra headers for addition with credentials.
  */
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginConfiguration.h	2024-05-30 08:56:25
@@ -72,6 +72,35 @@
 } NS_SWIFT_NAME(ASAuthorizationProviderExtensionLoginConfiguration.UserSecureEnclaveKeyBiometricPolicy);
 
 
+
+typedef NSNumber * ASAuthorizationProviderExtensionEncryptionAlgorithm API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_TYPED_EXTENSIBLE_ENUM;
+
+/// A encryption algorithm that uses NIST P-256 elliptic curve key agreement, ConcatKDF key derivation
+/// with a 256-bit digest, and the Advanced Encryption Standard cipher in Galois/Counter Mode with a key length of 256 bits.
+AS_EXTERN ASAuthorizationProviderExtensionEncryptionAlgorithm const ASAuthorizationProviderExtensionEncryptionAlgorithmECDHE_A256GCM API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(ecdhe_A256GCM);
+
+/// A cipher suite for HPKE that uses NIST P-256 elliptic curve key agreement, SHA-2 key derivation
+/// with a 256-bit digest, and the Advanced Encryption Standard cipher in Galois/Counter Mode with a key length of 256 bits.
+AS_EXTERN ASAuthorizationProviderExtensionEncryptionAlgorithm const ASAuthorizationProviderExtensionEncryptionAlgorithmHPKE_P256_SHA256_AES_GCM_256  API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(hpke_P256_SHA256_AES_GCM_256);
+
+/// A cipher suite that you use for HPKE using NIST P-384 elliptic curve key agreement, SHA-2 key derivation
+/// with a 384-bit digest, and the Advanced Encryption Standard cipher in Galois/Counter Mode with a key length of 256 bits.
+AS_EXTERN ASAuthorizationProviderExtensionEncryptionAlgorithm const ASAuthorizationProviderExtensionEncryptionAlgorithmHPKE_P384_SHA384_AES_GCM_256  API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(hpke_P384_SHA384_AES_GCM_256);
+
+/// A cipher suite for HPKE that uses X25519 elliptic curve key agreement, SHA-2 key derivation
+/// with a 256-bit digest, and the ChaCha20 stream cipher with the Poly1305 message authentication code.
+AS_EXTERN ASAuthorizationProviderExtensionEncryptionAlgorithm const ASAuthorizationProviderExtensionEncryptionAlgorithmHPKE_Curve25519_SHA256_ChachaPoly  API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(hpke_Curve25519_SHA256_ChachaPoly);
+
+typedef NSNumber * ASAuthorizationProviderExtensionSigningAlgorithm API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_TYPED_EXTENSIBLE_ENUM;
+
+// Use the ES256 signing algorithm per RFC 7518.
+AS_EXTERN ASAuthorizationProviderExtensionSigningAlgorithm const ASAuthorizationProviderExtensionSigningAlgorithmES256 API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(es256);
+// Use the ES384 signing algorithm per RFC 7518.
+AS_EXTERN ASAuthorizationProviderExtensionSigningAlgorithm const ASAuthorizationProviderExtensionSigningAlgorithmES384 API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(es384);
+// Use the Ed25519 signing algorithm per RFC 8032.
+AS_EXTERN ASAuthorizationProviderExtensionSigningAlgorithm const ASAuthorizationProviderExtensionSigningAlgorithmEd25519 API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(ed25519);
+
+
 API_AVAILABLE(macos(13.0)) API_UNAVAILABLE(ios, watchos, tvos)
 @interface ASAuthorizationProviderExtensionLoginConfiguration : NSObject
 
@@ -350,6 +379,23 @@
  */
 @property (nonatomic, nullable, copy) NSData *loginRequestEncryptionAPVPrefix API_AVAILABLE(macos(14.0)) API_UNAVAILABLE(ios, watchos, tvos);
 
+
+/*!
+ @abstract The encryption algorithm to use for the embedded login assertion.
+ */
+@property (nonatomic, copy) ASAuthorizationProviderExtensionEncryptionAlgorithm loginRequestEncryptionAlgorithm API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The PreSharedKey to be used for HKPE for embedded login assertions. Setting this value will change the mode to PSK if the loginRequestHPKEPreSharedKeyID is also set. Must be at least 32 bytes.
+ */
+@property (nonatomic, copy, nullable) NSData *loginRequestHPKEPreSharedKey API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract  The PreSharedKey Id to be used for HPKE PSK for embedded login assertions.  This is required if the loginRequestHPKEPreSharedKey is set.
+ */
+@property (nonatomic, copy, nullable) NSData *loginRequestHPKEPreSharedKeyID API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+
 // MARK: - Key Exchange
 
 /*!
@@ -398,6 +444,25 @@
  @returns YES when successful and NO when claims are rejected.
  */
 - (BOOL)setCustomKeyRequestBodyClaims:(NSDictionary<NSString *, id> *)claims returningError:(NSError * _Nullable * _Nullable)error API_AVAILABLE(macos(14.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+
+
+#pragma mark - HPKE
+
+/*!
+ @abstract The PreSharedKey to be used for HKPE. Setting this value will change the mode to PSK or AuthPSK if the hpkeAuthPublicKey is also set. Must be at least 32 bytes.
+ */
+@property (nonatomic, copy, nullable) NSData *hpkePreSharedKey API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The PreSharedKey Id to be used for HPKE PSK or AuthPSK mode.  This is requred if the hpkePreSharedKey is set.
+ */
+@property (nonatomic, copy, nullable) NSData *hpkePreSharedKeyID API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The Authentication public key to be used for HPKE.  Setting this value with changet the mode to Auth or AuthPSK if the hpkePreSharedKey is also set.  This public key is used to authenticate HPKE responses.
+ */
+@property (nonatomic, nullable) SecKeyRef hpkeAuthPublicKey API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
 
 
 @end
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionLoginManager.h	2024-05-30 08:56:26
@@ -90,6 +90,16 @@
 /// @param keyType The key type to retrieve.
 - (nullable SecIdentityRef)copyIdentityForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType NS_SWIFT_NAME(identity(for:)) CF_RETURNS_RETAINED;
 
+
+/// @abstract Generates a new key for the specified platform SSO key type using the strongest supported key strength returning the new key.  Nil is returned if there is an error generating the new key.
+/// @param keyType The key type to retrieve.
+- (nullable SecKeyRef)beginKeyRotationForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(beginKeyRotation(_:)) CF_RETURNS_RETAINED;
+
+/// @abstract Completes rotation for the key to replace the previous key.
+/// @param keyType The key type to retrieve.
+- (void)completeKeyRotationForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos) NS_SWIFT_NAME(completeKeyRotation(_:));
+
+
 /// @abstract Requests AppSSOAgent reauthenticate the current user for the current extension.  This is used when the tokens are revoked, or expired and need to be requested again.
 - (void)userNeedsReauthenticationWithCompletion:(void(^)(NSError * _Nullable error))completion;
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationProviderExtensionRegistrationHandler.h	2024-05-30 08:56:25
@@ -31,6 +31,8 @@
     ASAuthorizationProviderExtensionRequestOptionsRegistrationSharedDeviceKeys API_AVAILABLE(macos(14.0)) API_UNAVAILABLE(ios, watchos, tvos) = 1 << 2,
     // The registration is changing to or from shared device keys.
     ASAuthorizationProviderExtensionRequestOptionsRegistrationDeviceKeyMigration API_AVAILABLE(macos(14.0)) API_UNAVAILABLE(ios, watchos, tvos) = 1 << 3,
+    // A stronger key is available for rotation.
+    ASAuthorizationProviderExtensionRequestOptionsStrongerKeyAvailable API_AVAILABLE(macos(15.0), ios(18.0)) API_UNAVAILABLE(watchos, tvos) = 1 << 4,
     // The user secure enclave key is invalid and must be replaced.
     ASAuthorizationProviderExtensionRequestOptionsUserKeyInvalid API_AVAILABLE(macos(14.4)) API_UNAVAILABLE(ios, watchos, tvos) = 1 << 5,
 };
@@ -108,6 +110,31 @@
  @abstract The protocol version supported by the identity provider.
  */
 - (ASAuthorizationProviderExtensionPlatformSSOProtocolVersion)protocolVersion API_AVAILABLE(macos(14.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+
+
+/*!
+ @abstract The supported device signing algorithms.
+ */
+@property (readonly) NSArray<ASAuthorizationProviderExtensionSigningAlgorithm> * supportedDeviceSigningAlgorithms API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The supported device encryption algorithms.
+ */
+@property (readonly) NSArray<ASAuthorizationProviderExtensionEncryptionAlgorithm> *supportedDeviceEncryptionAlgorithms API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The supported user Secure Enclave Key signing algorithms.
+ */
+@property (readonly) NSArray<ASAuthorizationProviderExtensionSigningAlgorithm> *supportedUserSecureEnclaveKeySigningAlgorithms API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
+
+/*!
+ @abstract The specified keyType will rotate to a new key. The rotation is complete when the completion handler is called.  This is only called by the system for automatic key rotation.
+ */
+- (void)keyWillRotateForKeyType:(ASAuthorizationProviderExtensionKeyType)keyType
+                         newKey:(SecKeyRef)newKey
+                   loginManager:(ASAuthorizationProviderExtensionLoginManager *)loginManager
+                     completion:(void (^)(BOOL success))completion API_AVAILABLE(macos(15.0)) API_UNAVAILABLE(ios, watchos, tvos);
 
 
 @end
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput.h	2024-05-30 08:56:25
@@ -6,7 +6,7 @@
 
 NS_REFINED_FOR_SWIFT
 API_AVAILABLE(macos(14.0), ios(17.0)) API_UNAVAILABLE(tvos, watchos)
-@interface ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput : NSObject
+@interface ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput : NSObject <NSCopying, NSSecureCoding>
 
 @property (nonatomic, readonly) BOOL isSupported;
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionInput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionInput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionInput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionInput.h	2024-05-30 08:56:25
@@ -0,0 +1,27 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+NS_REFINED_FOR_SWIFT
+@interface ASAuthorizationPublicKeyCredentialPRFAssertionInputValues : NSObject
+
+- (instancetype)initWithSaltInput1:(NSData *)saltInput1 saltInput2:(nullable NSData *)saltInput2;
+
+@property (nonatomic, readonly) NSData *saltInput1;
+@property (nonatomic, nullable, readonly) NSData *saltInput2;
+
+@end
+
+API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+NS_REFINED_FOR_SWIFT
+@interface ASAuthorizationPublicKeyCredentialPRFAssertionInput : NSObject
+
+- (instancetype)initWithInputValues:(nullable ASAuthorizationPublicKeyCredentialPRFAssertionInputValues *)inputValues perCredentialInputValues:(nullable NSDictionary<NSData *, ASAuthorizationPublicKeyCredentialPRFAssertionInputValues *> *)perCredentialInputValues;
+
+@property (nonatomic, nullable, readonly) ASAuthorizationPublicKeyCredentialPRFAssertionInputValues *inputValues;
+@property (nonatomic, nullable, readonly) NSDictionary<NSData *, ASAuthorizationPublicKeyCredentialPRFAssertionInputValues *> *perCredentialInputValues;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionOutput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionOutput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionOutput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFAssertionOutput.h	2024-05-30 08:56:27
@@ -0,0 +1,13 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+NS_REFINED_FOR_SWIFT
+@interface ASAuthorizationPublicKeyCredentialPRFAssertionOutput: NSObject
+
+@property (nonatomic, readonly) NSData *first;
+@property (nonatomic, nullable, readonly) NSData *second;
+
+@end
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationInput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationInput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationInput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationInput.h	2024-05-30 08:56:27
@@ -0,0 +1,15 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+NS_REFINED_FOR_SWIFT
+@interface ASAuthorizationPublicKeyCredentialPRFRegistrationInput: NSObject
+
++ (instancetype)checkForSupport;
+
+@property (nonatomic, readonly) BOOL shouldCheckForSupport;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationOutput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationOutput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationOutput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationPublicKeyCredentialPRFRegistrationOutput.h	2024-05-30 08:56:27
@@ -0,0 +1,13 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+NS_REFINED_FOR_SWIFT
+@interface ASAuthorizationPublicKeyCredentialPRFRegistrationOutput: NSObject
+
+@property (nonatomic, readonly) BOOL isSupported;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider.h	2024-05-30 08:56:26
@@ -17,6 +19,8 @@
 @protocol ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider
 
 - (ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest *)createCredentialRegistrationRequestWithClientData:(ASPublicKeyCredentialClientData *)clientData name:(NSString *)name userID:(NSData *)userID;
+
+- (ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest *)createCredentialRegistrationRequestWithClientData:(ASPublicKeyCredentialClientData *)clientData name:(NSString *)name userID:(NSData *)userID requestStyle:(ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestStyle)requestStyle API_AVAILABLE(macos(15.0), ios(18.0)) API_UNAVAILABLE(tvos, watchos, visionos);
 
 - (ASAuthorizationPlatformPublicKeyCredentialAssertionRequest *)createCredentialAssertionRequestWithClientData:(ASPublicKeyCredentialClientData *)clientData;
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialIdentityStore.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialIdentityStore.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialIdentityStore.h	2024-05-02 05:53:29
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialIdentityStore.h	2024-05-31 09:05:15
@@ -35,6 +35,7 @@
     ASCredentialIdentityTypesAll = 0,
     ASCredentialIdentityTypesPassword = 1,
     ASCredentialIdentityTypesPasskey = 1 << 1,
+    ASCredentialIdentityTypesOneTimeCode = 1 << 2,
 } NS_SWIFT_NAME(ASCredentialIdentityStore.IdentityTypes) API_AVAILABLE(ios(17.4), macos(14.4), visionos(1.1)) API_UNAVAILABLE(tvos, watchos);
 
 AS_EXTERN API_AVAILABLE(ios(12.0), macCatalyst(14.0), macos(11.0)) API_UNAVAILABLE(tvos, watchos)
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderExtensionContext.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderExtensionContext.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderExtensionContext.h	2024-04-23 06:10:35
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderExtensionContext.h	2024-05-31 09:05:14
@@ -49,6 +50,14 @@
  */
 - (void)completeRegistrationRequestWithSelectedPasskeyCredential:(ASPasskeyRegistrationCredential *)credential completionHandler:(void(^ _Nullable)(BOOL expired))completionHandler API_AVAILABLE(ios(17.0), macos(14.0)) NS_SWIFT_NAME(completeRegistrationRequest(using:completionHandler:)) API_UNAVAILABLE(watchos, tvos);
 
+/*! @abstract Complete the request by providing the user selected one time code credential.
+ @param credential the credential that the user has selected.
+ @param completionHandler optionally contains any work which the extension may need to perform after the request has been completed,
+ as a background-priority task. The `expired` parameter will be YES if the system decides to prematurely terminate a previous
+ non-expiration invocation of the completionHandler.
+ @discussion Calling this method will eventually dismiss the associated view controller.
+ */
+- (void)completeOneTimeCodeRequestWithSelectedCredential:(ASOneTimeCodeCredential *)credential completionHandler:(void(^ _Nullable)(BOOL expired))completionHandler NS_SWIFT_NAME(completeOneTimeCodeRequest(using:completionHandler:)) API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
 
 
 /*! @abstract Complete the request to configure the extension.
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderViewController.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderViewController.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderViewController.h	2024-05-02 05:53:28
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialProviderViewController.h	2024-05-31 08:16:34
@@ -48,6 +51,16 @@
  */
 - (void)prepareCredentialListForServiceIdentifiers:(NSArray<ASCredentialServiceIdentifier *> *)serviceIdentifiers requestParameters:(ASPasskeyCredentialRequestParameters *)requestParameters API_AVAILABLE(ios(17.0), macos(14.0)) API_UNAVAILABLE(watchos, tvos);
 
+/*! @abstract Prepare the view controller to show a list of one time code credentials.
+ @param serviceIdentifiers the array of service identifiers.
+ @discussion This method is called by the system to prepare the extension's view controller to present the list of credentials.
+ A service identifier array is passed which can be used to filter or prioritize the credentials that closely match each service.
+ The service identifier array could have zero or more items. If there is more than one item in the array, items with lower indexes
+ represent more specific identifiers for which a credential is being requested. For example, the array could contain identifiers
+ [m.example.com, example.com] with the first item representing the more specifc service that requires a credential.
+ If the array of service identifiers is empty, it is expected that the credential list should still show credentials that the user can pick from.
+ */
+- (void)prepareOneTimeCodeCredentialListForServiceIdentifiers:(NSArray<ASCredentialServiceIdentifier *> *)serviceIdentifiers API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
 
 
 /*! @abstract Attempt to provide the user-requested credential without any user interaction.
@@ -159,6 +176,37 @@
 /// - Parameter registrationRequest: The passkey registration request parameters needed to
 ///   register a new passkey.
 - (void)prepareInterfaceForPasskeyRegistration:(id <ASCredentialRequest>)registrationRequest API_AVAILABLE(ios(17.0), macos(14.0)) API_UNAVAILABLE(watchos, tvos);
+
+/// Perform a conditional passkey registration, if possible.
+///
+/// This method will be called for handling conditional passkey registration requests. A conditional passkey registration request allows
+/// your extension to opportunistically register passkeys in the background, if and only if you believe the user is in a good state to do
+/// so. Your extension decides can decide what conditions make sense for whether to fulfill or reject this request. For example, an
+/// extension may decide to register a passkey only if all of the following conditions are met:
+/// - The user's vault is currently unlocked.
+/// - The user name for the registration request matches that for an existing saved password.
+/// - The matching saved password was filled recently.
+/// - The user does not already have a passkey for this account.
+///
+///
+/// Fulfilling this request should not remove a user's saved password for this account, but it may mean that the passkey will be
+/// preferred over the password in future AutoFill invocations, if both are supported.
+///
+/// Your extension should complete this request by calling `-[ASCredentialProviderExtensionContext completeRegistrationRequestWithSelectedPasskeyCredential:completionHandler:]`
+/// or`-[ASCredentialProviderExtensionContext cancelRequestWithError:]`, like for standard registration requests.
+/// However, this request is not allowed to show UI and `ASExtensionErrorCodeUserInteractionRequired` will be treated
+/// like any other error. The intent of this API is to provide a method of performing a background registration only where easy and
+/// convenient, so no blocking UI or error should ever be shown.
+///
+/// To indicate support for this feature, add `SupportsConditionalPasskeyRegistration` under the
+/// `ASCredentialProviderExtensionCapabilities` dictionary.
+///
+///     Info.plist
+///     ├─ NSExtension
+///         ├─ NSExtensionAttributes
+///             ├─ ASCredentialProviderExtensionCapabilities
+///                 ├─ SupportsConditionalPasskeyRegistration => true
+- (void)performPasskeyRegistrationWithoutUserInteractionIfPossible:(ASPasskeyCredentialRequest *)registrationRequest NS_SWIFT_NAME(performWithoutUserInteractionIfPossible(passkeyRegistration:)) API_AVAILABLE(macos(15.0), ios(18.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialRequest.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialRequest.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialRequest.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASCredentialRequest.h	2024-05-30 08:56:26
@@ -14,10 +14,14 @@
 /*! @enum ASCredentialRequestType
  @constant ASCredentialRequestTypePassword Password credential type.
  @constant ASCredentialRequestTypePasskeyAssertion Passkey assertion credential type.
+ @constant ASCredentialRequestTypePasskeyRegistration Passkey registration credential type.
+ @constant ASCredentialRequestTypeOneTimeCode One Time Code credential type.
  */
 typedef NS_ENUM(NSInteger, ASCredentialRequestType) {
     ASCredentialRequestTypePassword = 0,
     ASCredentialRequestTypePasskeyAssertion,
+    ASCredentialRequestTypePasskeyRegistration API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos),
+    ASCredentialRequestTypeOneTimeCode API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos),
 } API_AVAILABLE(ios(17.0), macos(14.0)) API_UNAVAILABLE(tvos, watchos);
 
 /*! @protocol ASCredentialRequest
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASExtensionErrors.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASExtensionErrors.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASExtensionErrors.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASExtensionErrors.h	2024-05-30 08:56:26
@@ -16,6 +16,9 @@
     ASExtensionErrorCodeUserCanceled = 1,
     ASExtensionErrorCodeUserInteractionRequired = 100,
     ASExtensionErrorCodeCredentialIdentityNotFound = 101,
+
+    /// This error should only be used for a passkey registration request, if the @c excludedCredentials property matches a known passkey.
+    ASExtensionErrorCodeMatchedExcludedCredential API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) = 102,
 } API_AVAILABLE(ios(12.0), macCatalyst(14.0), macos(11.0)) API_UNAVAILABLE(tvos, watchos);
 
 /*! @abstract A key that specifies an error string to be shown to the user when an extension request fails.
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredential.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredential.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredential.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredential.h	2024-05-30 08:56:25
@@ -0,0 +1,37 @@
+//
+//  ASOneTimeCodeCredential.h
+//  AuthenticationServices Framework
+//
+//  Copyright © 2021 Apple Inc. All rights reserved.
+//
+
+#import <AuthenticationServices/ASAuthorizationCredential.h>
+#import <AuthenticationServices/ASFoundation.h>
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+AS_EXTERN API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+@interface ASOneTimeCodeCredential : NSObject <ASAuthorizationCredential>
+
+- (instancetype)init NS_UNAVAILABLE;
+
+/*! @abstract Creates and initializes a new ASOneTimeCodeCredential object.
+ @param code the one time code.
+ */
++ (instancetype)credentialWithCode:(NSString *)code;
+
+/*! @abstract Initializes an ASOneTimeCodeCredential object.
+ @param code the one time code.
+ */
+- (instancetype)initWithCode:(NSString *)code NS_DESIGNATED_INITIALIZER;
+
+/*! @abstract The code of this credential.
+ @result The code string.
+ */
+@property (nonatomic, readonly, copy) NSString *code;
+
+@end
+
+NS_ASSUME_NONNULL_END
+
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialIdentity.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialIdentity.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialIdentity.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialIdentity.h	2024-05-30 08:56:27
@@ -0,0 +1,40 @@
+//
+//  ASOneTimeCodeCredentialIdentity.h
+//  AuthenticationServices Framework
+//
+//  Copyright © 2018 Apple Inc. All rights reserved.
+//
+
+#import <AuthenticationServices/ASCredentialIdentity.h>
+#import <AuthenticationServices/ASFoundation.h>
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class ASCredentialServiceIdentifier;
+
+/*! @class ASOneTimeCodeCredentialIdentity
+ An ASOneTimeCodeCredentialIdentity is used to describe an identity that can use a service upon successful one time code based authentication.
+ Use this class to save entries into ASCredentialIdentityStore.
+ */
+AS_EXTERN API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+@interface ASOneTimeCodeCredentialIdentity : NSObject<NSCopying, NSSecureCoding, ASCredentialIdentity>
+
+- (instancetype)init NS_UNAVAILABLE;
+
+/*! @abstract Initializes an instance of ASOneTimeCodeCredentialIdentity.
+ @param serviceIdentifier The service identifier for which this credential identity is valid.
+ @param label A user-provided label to identify the one time code.
+ @param recordIdentifier An optional string to uniquely identify this record in your local database.
+ */
+- (instancetype)initWithServiceIdentifier:(ASCredentialServiceIdentifier *)serviceIdentifier label:(NSString *)label recordIdentifier:(nullable NSString *)recordIdentifier;
+
+/*! @abstract A label to identify the one time code, typically supplied by the user.
+ This string will be shown in the AutoFill suggestion for this one time code credential.
+ */
+@property (nonatomic, readonly, copy) NSString *label;
+
+@end
+
+NS_ASSUME_NONNULL_END
+
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialRequest.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialRequest.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialRequest.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASOneTimeCodeCredentialRequest.h	2024-05-30 08:56:26
@@ -0,0 +1,21 @@
+// Copyright © 2023 Apple Inc. All rights reserved.
+
+#import <AuthenticationServices/ASCredentialRequest.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class ASOneTimeCodeCredentialIdentity;
+
+AS_EXTERN API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+@interface ASOneTimeCodeCredentialRequest : NSObject<ASCredentialRequest>
+
+- (instancetype)init NS_UNAVAILABLE;
+
+/*! @abstract Initializes an instance of ASOneTimeCodeCredentialRequest.
+ @param credentialIdentity the credential identity to use for this request.
+ */
+- (instancetype)initWithCredentialIdentity:(ASOneTimeCodeCredentialIdentity *)credentialIdentity NS_DESIGNATED_INITIALIZER;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredential.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredential.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredential.h	2024-04-23 06:10:36
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredential.h	2024-05-30 08:56:26
@@ -23,6 +25,14 @@
  */
 - (instancetype)initWithUserHandle:(NSData *)userHandle relyingParty:(NSString *)relyingParty signature:(NSData *)signature clientDataHash:(NSData *)clientDataHash authenticatorData:(NSData *)authenticatorData credentialID:(NSData *)credentialID;
 
+/*! @abstract Initializes an ASPasskeyCredential object.
+ @param userHandle The identifier for the account the passkey is associated with.
+ @param relyingParty The relying party.
+ @param signature The signature for the assertion challenge.
+ @param extensionOutput The outputs of WebAuthn extensions processed by the credential provider.
+ */
+- (instancetype)initWithUserHandle:(NSData *)userHandle relyingParty:(NSString *)relyingParty signature:(NSData *)signature clientDataHash:(NSData *)clientDataHash authenticatorData:(NSData *)authenticatorData credentialID:(NSData *)credentialID extensionOutput:(nullable ASPasskeyAssertionCredentialExtensionOutput *)extensionOutput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
+
 /*! @abstract Creates and initializes a new ASPasskeyCredential object.
  @param userHandle The identifier for the account the passkey is associated with.
  @param relyingParty the relying party.
@@ -53,6 +63,10 @@
 /*! @abstract The raw credential ID for this passkey credential.
  */
 @property (nonatomic, copy, readonly) NSData *credentialID;
+
+/*! @abstract The outputs of WebAuthn extensions processed by the credential provider.
+ */
+@property (nonatomic, copy, nullable) ASPasskeyAssertionCredentialExtensionOutput *extensionOutput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionInput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionInput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionInput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionInput.h	2024-05-30 08:56:25
@@ -0,0 +1,20 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput;
+
+/// This class encapsulates input for various WebAuthn extensions during passkey assertion.
+NS_REFINED_FOR_SWIFT
+API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos)
+@interface ASPasskeyAssertionCredentialExtensionInput : NSObject <NSCopying, NSSecureCoding>
+
+- (instancetype)init NS_UNAVAILABLE;
++ (instancetype)new NS_UNAVAILABLE;
+
+/// Input for the `largeBlob` extension in passkey assertion requests.
+@property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput *largeBlob;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionOutput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionOutput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionOutput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyAssertionCredentialExtensionOutput.h	2024-05-30 08:56:25
@@ -0,0 +1,19 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+@class ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput;
+
+NS_ASSUME_NONNULL_BEGIN
+
+/// This class encapsulates output for various WebAuthn extensions used during passkey assertion.
+NS_REFINED_FOR_SWIFT
+API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos)
+@interface ASPasskeyAssertionCredentialExtensionOutput : NSObject <NSCopying, NSSecureCoding>
+
+- (instancetype)initWithLargeBlobOutput:(nullable ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput *)largeBlob;
+
+/// Output for `largeBlob` operation during passkey assertion.
+@property (nonatomic, readonly, nullable, copy) ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput *largeBlobAssertionOutput;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequest.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequest.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequest.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequest.h	2024-05-30 08:52:46
@@ -25,6 +30,22 @@
  */
 - (instancetype)initWithCredentialIdentity:(ASPasskeyCredentialIdentity *)credentialIdentity clientDataHash:(NSData *)clientDataHash userVerificationPreference:(ASAuthorizationPublicKeyCredentialUserVerificationPreference)userVerificationPreference supportedAlgorithms:(NSArray<NSNumber *> *)supportedAlgorithms NS_REFINED_FOR_SWIFT;
 
+/// Initializes an instance of ASPasskeyCredentialRequest.
+/// @param credentialIdentity credential identity to used for this request.
+/// @param clientDataHash the client data to be signed for this assertion request.
+/// @param userVerificationPreference user verification preference setting of this assertion request.
+/// @param supportedAlgorithms the set of support algorithms for the credential's key.
+/// @param assertionExtensionInput input for any requested passkey extensions.
+- (instancetype)initWithCredentialIdentity:(ASPasskeyCredentialIdentity *)credentialIdentity clientDataHash:(NSData *)clientDataHash userVerificationPreference:(ASAuthorizationPublicKeyCredentialUserVerificationPreference)userVerificationPreference supportedAlgorithms:(NSArray<NSNumber *> *)supportedAlgorithms assertionExtensionInput:(nullable ASPasskeyAssertionCredentialExtensionInput *)assertionExtensionInput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
+
+/// Initializes an instance of ASPasskeyCredentialRequest.
+/// @param credentialIdentity credential identity to used for this request.
+/// @param clientDataHash the client data to be signed for this assertion request.
+/// @param userVerificationPreference user verification preference setting of this assertion request.
+/// @param supportedAlgorithms the set of support algorithms for the credential's key.
+/// @param registrationExtensionInput input for any requested passkey extensions.
+- (instancetype)initWithCredentialIdentity:(ASPasskeyCredentialIdentity *)credentialIdentity clientDataHash:(NSData *)clientDataHash userVerificationPreference:(ASAuthorizationPublicKeyCredentialUserVerificationPreference)userVerificationPreference supportedAlgorithms:(NSArray<NSNumber *> *)supportedAlgorithms registrationExtensionInput:(nullable ASPasskeyRegistrationCredentialExtensionInput *)registrationExtensionInput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
+
 /*! @abstract Creates and initializes an instance of ASPasskeyCredentialRequest.
  @param credentialIdentity credential identity to used for this request. 
  @param clientDataHash the client data to be signed for this assertion request.
@@ -44,6 +65,16 @@
 /*! @abstract A list of signing algorithms supported by the relying party. Will be empty for assertion requests.
  */
 @property (nonatomic, readonly) NSArray<NSNumber *> *supportedAlgorithms NS_REFINED_FOR_SWIFT;
+
+@property (nonatomic, readonly, nullable) NSArray<ASAuthorizationPlatformPublicKeyCredentialDescriptor *> *excludedCredentials API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0));
+
+/*! @abstract Inputs for WebAuthn extensions used for passkey assertion. Will be nil for registration requests.
+ */
+@property (nonatomic, readonly, nullable) ASPasskeyAssertionCredentialExtensionInput *assertionExtensionInput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
+
+/*! @abstract Inputs for WebAuthn extensions used for passkey registration. Will be nil for assertion requests.
+ */
+@property (nonatomic, readonly, nullable) ASPasskeyRegistrationCredentialExtensionInput *registrationExtensionInput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequestParameters.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequestParameters.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequestParameters.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyCredentialRequestParameters.h	2024-05-30 08:56:27
@@ -6,6 +6,8 @@
 
 AS_HEADER_AUDIT_BEGIN(nullability, sendability)
 
+@class ASPasskeyAssertionCredentialExtensionInput;
+
 /// A class that holds various parameters related to a passkey credential request.
 ///  This class is provided by the system to the credential provider extension when there is an active passkey request as part of
 ///  -[ASCredentialProviderViewController prepareCredentialListForServiceIdentifiers:requestParameters:] and should be used
@@ -27,6 +29,9 @@
 
 /// A list of allowed credential IDs for this request. An empty list means all credentials are allowed.
 @property (nonatomic, readonly, copy) NSArray<NSData *> *allowedCredentials;
+
+/// Inputs for WebAuthn extensions used for passkey assertion.
+@property (nonatomic, readonly, nullable) ASPasskeyAssertionCredentialExtensionInput *extensionInput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredential.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredential.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredential.h	2024-04-23 06:10:37
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredential.h	2024-05-30 08:56:26
@@ -11,24 +11,35 @@
 
 NS_ASSUME_NONNULL_BEGIN
 
+@class ASPasskeyRegistrationCredentialExtensionOutput;
+
 /*! @class This class encapsulates a passkey registration response created by a credential provider extension.
  */
 AS_EXTERN API_AVAILABLE(ios(17.0), macos(14.0)) API_UNAVAILABLE(tvos, watchos)
 @interface ASPasskeyRegistrationCredential : NSObject <ASAuthorizationCredential>
 
 /*! @abstract Initializes an ASPasskeyRegistrationCredential object.
- @param relyingParty the relying party identifier associated with this passkey.
- @param clientDataHash the JSON encoded client data for this registration result.
+ @param relyingParty The relying party identifier associated with this passkey.
+ @param clientDataHash The JSON encoded client data for this registration result.
  @param credentialID The unique identifier for this passkey.
- @param attestationObject the attestation object for this passkey registration result.
+ @param attestationObject The attestation object for this passkey registration result.
  */
 - (instancetype)initWithRelyingParty:(NSString *)relyingParty clientDataHash:(NSData *)clientDataHash credentialID:(NSData *)credentialID attestationObject:(NSData *)attestationObject;
 
+/*! @abstract Initializes an ASPasskeyRegistrationCredential object.
+ @param relyingParty The relying party identifier associated with this passkey.
+ @param clientDataHash The JSON encoded client data for this registration result.
+ @param credentialID The unique identifier for this passkey.
+ @param attestationObject The attestation object for this passkey registration result.
+ @param extensionOutput The output of WebAuthn extensions processed by the credential provider.
+ */
+- (instancetype)initWithRelyingParty:(NSString *)relyingParty clientDataHash:(NSData *)clientDataHash credentialID:(NSData *)credentialID attestationObject:(NSData *)attestationObject extensionOutput:(nullable ASPasskeyRegistrationCredentialExtensionOutput *)extensionOutput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
+
 /*! @abstract Creates and initializes an ASPasskeyRegistrationCredential object.
- @param relyingParty the relying party identifier associated with this passkey.
- @param clientDataHash the JSON encoded client data for this registration result.
+ @param relyingParty The relying party identifier associated with this passkey.
+ @param clientDataHash The JSON encoded client data for this registration result.
  @param credentialID The unique identifier for this passkey.
- @param attestationObject the attestation object for this passkey registration result.
+ @param attestationObject The attestation object for this passkey registration result.
  */
 + (instancetype)credentialWithRelyingParty:(NSString *)relyingParty clientDataHash:(NSData *)clientDataHash credentialID:(NSData *)credentialID attestationObject:(NSData *)attestationObject;
 
@@ -47,6 +58,10 @@
 /*! @abstract The attestation object for this passkey registration result.
  */
 @property (nonatomic, readonly) NSData *attestationObject;
+
+/*! @abstract The outputs for WebAuthn extensions processed by the credential provider.
+ */
+@property (nonatomic, copy, nullable) ASPasskeyRegistrationCredentialExtensionOutput *extensionOutput NS_REFINED_FOR_SWIFT API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos);
 
 @end
 
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionInput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionInput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionInput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionInput.h	2024-05-30 08:56:26
@@ -0,0 +1,20 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput;
+
+/// This class encapsulates input for various WebAuthn extensions during passkey registration.
+NS_REFINED_FOR_SWIFT
+API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(watchos, tvos)
+@interface ASPasskeyRegistrationCredentialExtensionInput : NSObject <NSCopying, NSSecureCoding>
+
+- (instancetype)init NS_UNAVAILABLE;
++ (instancetype)new NS_UNAVAILABLE;
+
+/// Input for the `largeBlob` extension in passkey registration requests.
+@property (nonatomic, readonly, nullable) ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput *largeBlob;
+
+@end
+
+NS_ASSUME_NONNULL_END
diff -ruN /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionOutput.h /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionOutput.h
--- /Applications/Xcode_15.4.0.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionOutput.h	1970-01-01 01:00:00
+++ /Applications/Xcode_16.0.0-beta.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/AuthenticationServices.framework/Headers/ASPasskeyRegistrationCredentialExtensionOutput.h	2024-05-30 08:56:25
@@ -0,0 +1,19 @@
+// Copyright © 2024 Apple Inc. All rights reserved.
+
+NS_ASSUME_NONNULL_BEGIN
+
+@class ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput;
+
+/// This class encapsulates output for various WebAuthn extensions used during passkey registration.
+NS_REFINED_FOR_SWIFT
+API_AVAILABLE(ios(18.0), macos(15.0), visionos(2.0)) API_UNAVAILABLE(tvos, watchos)
+@interface ASPasskeyRegistrationCredentialExtensionOutput : NSObject <NSCopying, NSSecureCoding>
+
+- (instancetype)initWithLargeBlobOutput:(nullable ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput *)largeBlob;
+
+/// Output for `largeBlob` operation during passkey registration.
+@property (nonatomic, readonly, nullable, copy) ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput *largeBlobRegistrationOutput;
+
+@end
+
+NS_ASSUME_NONNULL_END