Passkeys and Apple Associated Domains

I've been trying to implement passkeys. I keep running into apple-app-site-association issues.

Error: The operation couldn’t be completed. Application with identifier abc is not associated with domain xyz

I have checked the following thoroughly:

  1. Running on device with developer mode enabled and Associated Domains Development enabled
  2. Using https://github.com/swift-server/webauthn-swift on server
  3. RelyingPartyID on server and on iOS App set as ngrok domain.
  4. Debug entitlements have webcredentials and appattest keys set to ngrok domain.
  5. No redirects are taking place for the apple-app-site-association which is a static file located at Public/.well-known/
  6. The Header is set as JSON as follows

```swift
import Vapor

final class AppleSiteAssociationMiddleware: Middleware {
    func respond(to request: Request, chainingTo next: Responder) -> EventLoopFuture<Response> {
        // Check if this is a request for the apple-app-site-association file
        if request.url.path == "/.well-known/apple-app-site-association" {
            let directory = DirectoryConfiguration.detect().publicDirectory
            let filePath = directory + ".well-known/apple-app-site-association"

            if let data = FileManager.default.contents(atPath: filePath) {
                // Serve the static file with an explicit JSON content type
                let response = Response(status: .ok, headers: ["Content-Type": "application/json"], body: .init(data: data))
                return request.eventLoop.makeSucceededFuture(response)
            } else {
                return request.eventLoop.makeFailedFuture(Abort(.notFound))
            }
        } else {
            return next.respond(to: request)
        }
    }
}
```

I can see the apple-app-site-association JSON in the Safari desktop browser, via ngrok (https)

```json
{
  "applinks": {
    "details": [
      {
        "appIDs": [
          "TeamID:BundleID"
        ],
        "components": []
      }
    ]
  },
  "appattest": {
    "apps": [
      "TeamID:BundleID"
    ]
  },
  "webcredentials": {
    "apps": [
      "TeamID:BundleID"
    ]
  }
}
```

In the iOS App

```swift
// iOS App

// in view
@Environment(\.authorizationController) private var authorizationController
let challenge = try await registrationClient.establishChallenge(username: username)
await accountStore.createPasskeyAccount(authorizationController: authorizationController, username: username, challenge: challenge)

// in accountStore
func createPasskeyAccount(authorizationController: AuthorizationController, username: String, challenge: Data, options: ASAuthorizationController.RequestOptions = []) async {
    do {
        let request = try await assertionRequest(type: .registration(username), challenge: challenge)
        let authorizationResult = try await authorizationController.performRequests([request], options: options) // throws here: Error: The operation couldn’t be completed. Application with identifier abc is not associated with domain xyz
    } catch {
        // Error handling is cut off in the original post.
    }
}
```
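An added example, not part of the original question and not code from webauthn-swift: a Python check that runs the post's checklist (status with no redirect, JSON content type, `webcredentials.apps` entry, entitlement domain equal to the relying party ID) against a captured response. Apple app identifiers join the Team ID and bundle ID with a period, so the checker flags colon-joined entries; the function name, sample IDs and ngrok hostname are constructed assumptions.

```python
import json
import re

# App identifier: 10-character Team ID, a period, then the bundle ID.
APP_ID_RE = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")

# Constructed sample values (not from the page).
APP_ID = "ABCDE12345.com.example.passkeys"
RP_ID = "example.ngrok-free.app"
GOOD = json.dumps({"webcredentials": {"apps": [APP_ID]}})
BAD = json.dumps({"webcredentials": {"apps": ["ABCDE12345:com.example.passkeys"]}})
ENTITLEMENTS = ["webcredentials:example.ngrok-free.app?mode=developer"]


def check_association(status, headers, body, app_id, rp_id, entitlements):
    """Return the problems that would break the app/domain association.

    status, headers, body: the HTTPS response for
    /.well-known/apple-app-site-association.
    entitlements: the app's com.apple.developer.associated-domains values.
    """
    problems = []
    if status != 200:
        # The file has to be served directly; a redirect is a failure.
        problems.append(f"HTTP {status}: expected 200 with no redirect")
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    if not ctype.startswith("application/json"):
        problems.append(f"Content-Type is {ctype!r}, expected application/json")
    try:
        apps = json.loads(body)["webcredentials"]["apps"]
    except (ValueError, KeyError, TypeError):
        return problems + ["no webcredentials.apps list in the file"]
    for entry in apps:
        if not (isinstance(entry, str) and APP_ID_RE.match(entry)):
            problems.append(f"malformed app ID {entry!r}")
    if app_id not in apps:
        problems.append(f"{app_id} is not listed under webcredentials.apps")
    # Entitlement values look like "webcredentials:<domain>[?mode=developer]".
    domains = [e.split(":", 1)[1].split("?", 1)[0]
               for e in entitlements if e.startswith("webcredentials:")]
    if rp_id not in domains:
        problems.append(f"no webcredentials entitlement for {rp_id}")
    return problems


if __name__ == "__main__":
    print(check_association(200, {"Content-Type": "application/json"},
                            BAD, APP_ID, RP_ID, ENTITLEMENTS))
```

The `app_id` argument is the value the error message reports as the application identifier, and `rp_id` is the relying party ID configured on both the server and the app.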