I am currently testing my NK3 Mini which was updated to the latest firmware.
Regarding the FIDO2 Pin ( I call it like that as I have to enter it for the fido2 test)
I did set a FIDO2 pin using chromium browser. This worked out and I need to use the --pin option when doing pynitro nk3 test.
First I tested the setup at TOKEN2 - FIDO2 Demo - WebAuthn Login test which worked fine.
However when using Firefox (102.11.0esr) I was not asked for the FIDO2 pin.
Next test was with webauthn.io resulting in problems:
Using Chromium works fine (register and authenticate), a FIDO2 key is saved on the Nitrokey (nitropy fido2 list-credentials)
Using Firefox to register and authenticate works fine but no key is saved to the Nitrokey.
Using Chromium to register and trying to authenticate in Firefox does not work leading to a crash, making all further operations in nitropy impossible (Critical error: …failed (CTAP error: 0x06 - CHANNEL_BUSY)
This seems more associated to Firefox than to the Nitrokey but I think when a pin was set up there should be no way around the pin by using another browser.
What is the difference between the Fido2 pin and the one set using nitropy nk3 secrets set-pin?