Safari Biometrics disabled? [SOLVED]

+1 for the frustration here; this makes the Safari extension extremely inconvenient to use now; it's easier to just manually open the 1P app and use Face ID (then manually copy credentials back to Safari) than to type my long master password -- especially if I happen to be in public.

The explanation that a change in WebAuthn implementation is incompatible with 1P's security model is sensible if true, and I'm supportive of AB/1P prioritizing security over usability here if so. However I'd be really curious for more technical detail on what changed and what assumptions 1P was making about WebAuthn that were broken. This would give an idea whether this is likely to be fixable in a 1P update or whether it will depend on Apple's willingness to change their WebAuthn implementation (which is far more uncertain and might mean no fix until iOS 17+...). It would also give greater confidence that the reasoning is legitimate & in our best interest as users, and thus probably alleviate some of the frustration expressed in this thread.

I also wonder if there are other ways that 1P could work around this, e.g. can the Safari extension launch the app, have the app do the Touch/Face ID authentication, then send a token back to the Safari Extension? That would be similar to how some mobile apps handle cross-app OAuth flows, and it appears there is an API for secure messaging between the native app and its associated extension: https://developer.apple.com/documentation/safariservices/safari_web_extensions/messaging_between_the_app_and_javascript_in_a_safari_web_extension?language=objc

Thanks in advance for any additional transparency that can be provided.