Whoa EZ there, those things are all trash, I've been deep diving the webauthn+fido2 specs past months, and it's a proprietary hellhole. Not a solution for anything.
For instance, the architects decided that the public key should only be exposed once and stored in a mysql Database. Instead they rely on something called credential ID.
The point is, these devices were and are designed for web 2.0.
Oh right, Google injects data into your payload:
The entire passkey standard is big-enterprise.