I've found that restricting the webcredentials's apps to one App solves the issue, but this is not ideal for when we'd like to support more Apps and their associated environments. If "apps" supports only one item, then perhaps it shouldn't be an array? So to ensure that Prod Environment works, this is the content served at https://example.co.za/.well-known/apple-app-site-association { "applinks": { "details": [] }, "webcredentials": { "apps": [ "123ABCDEF4.com.example.app" ] }, "appclips": { "apps": [] } } To ensure that the Staging/Test environment works, this is the content served at https://staging.example.co.za/.well-known/apple-app-site-association { "applinks": { "details": [] }, "webcredentials": { "apps": [ "123ABCDEF4.com.example.app.staging" ] }, "appclips": { "apps": [] } } In the case of Prod, we need to ensure that WebAuthN is initiated with example.co.za (and webcredentials in Xcode matches that) In the case of Staging/Test, we need to ensure that WebAuthN is initiated with staging.example.co.za (and webcredentials in Xcode matches that)