Manage Fido2 NFC credentials

[solsticedhiver]

So I have a brand new Security Key by Yubico.

I tried a simple test on webauthn.io. Registering on my browser on my computer with the key plugged in on USB, and trying to authenticate on my mobile over NFC.
Or the reverse, trying to register over NFC on my mobile, and authenticateon my browser on my computer over USB.

That did not work, on either case. Is it simply because they use a different mean of access to my key, or is it because I have set a PIN. What if I remove the PIN of my key?

I have an NFC USB reader for my computer (ACS ACR122), and I can see my Yubikey over NFC with it.

But fido2-token can not see it, as far as I know. Do I need to do something else?
Is it possible to manage (aka delete) credential over NFC, like done over USB?

[solsticedhiver]

I noticed that libfido2 was built without PCSC support so I rebuilt it with USE_PCSC=ON, but it make no difference and fido2-token -L still lists nothing.

Edit: for the 1st question, I was able to do a cross-platform USB/NFC regsiter/atuh by changing the settings on webauthn.io; sorry.

[LDVG]

But fido2-token can not see it, as far as I know. Do I need to do something else?
Is it possible to manage (aka delete) credential over NFC, like done over USB?

1. What operating system are you using?

I noticed that libfido2 was built without PCSC support so I rebuilt it with USE_PCSC=ON, but it make no difference and fido2-token -L still lists nothing.

2. Have you tried cleaning the build folder before you reconfigure with USE_PCSC=ON?
3. Please provide debug output from by exporting FIDO_DEBUG=1 in your environment.

[solsticedhiver]

Ooops sorry, my bad. I needed to install other packages (one or all of ccid, acsccid, pcsc-tools).

Now, it works:

$ fido2-token -L
pcsc://slot0: vendor=0x0000, product=0x0000 (PC/SC ACS ACR122U 00 00)
$ fido2-token -I -c pcsc://slot0
Enter PIN for pcsc://slot0: 
existing rk(s): 0
remaining rk(s): 25
$ fido2-token -L -r pcsc://slot0
Enter PIN for pcsc://slot0: 
$

It is just weird that it does not list any relying party and/or crdential, since I registered on webauthn.io via NFC.
But, never mind.

[LDVG]

It should list them if you created them as discoverable credentials. The default may be dependent on the OS/browser/RP default settings so you may have to double check that it actually did create a discoverable credential.