I am currently trying to integrate biometric logins to my webapp. I’ve been using the WebAuthn API to accomplish this. According to the spec and other docs I’ve read the server needs to provide a nonce or random string as a challenge. This challenge is then echoed back in the response as one of the many checks to determine this is legitimate. My problem is the challenge being returned is not the same as I send.