Alright, got it. Again, thanks for your help, I really appreciate it!

Dear Garrett, based on all the threads on passkeys I read in this forum before asking my question, I was hoping to get a rely from you. And sure enough, you delivered. Thanks to your answer I got it working now! If you don't mind, I'd have a follow-up question now that it works: I'm wondering about the role of the challenge in registration. The way I see it, there is no signature returned when using ASAuthorizationPlatformPublicKeyCredentialRegistration. Why does createCredentialRegistrationRequest take a challenge as a param then? All it seems to do is return the same challenge. So when sending the above mentioned attestation object to the server, it seems there is no way to verify that the public key I'm sending was indeed intended for the session which requested the challenge from the server earlier. Or am I missing something here?