Bumping this -- I have this issue as well. In fact, it's blocking apple review -- we utilize passkeys for account creation (not MFA) so that it complies with 4.8: Login Services requirement for the App Store, as passkey account creation is completely PII private. Imo, this is a pretty catastrophic issue for user security and experience. Any onboarding experience that requires MFA setup with passkey/passkey account creation (good security practice!) has a chance of not succeeding because the AASA does not get fetched. This causes churn, less secure practices, and then requires app developers to add in copy into their app saying something along the lines of "We have no ability to force Apple to fetch the config required to continue sign up, so try again in a few minutes, you'll just have to wait." And, there's no way to check if it's available before launching the ASAuthorizationController so you can't even implement a fallback before the error bubbles to the user!! Is there not a config that Apple controls on the App Store based on package name to include the relevant AASA upon cold install? It feels pretty shocking that there isn't a way to request this file from Apple's CDN as an API, or a way to include it in the installed ipa when installing from App Store.