Is "associated domain" is a must for AuthenticationServices?

I am writing a native macos app which using fido2 devices .

I used apis(ASAuthorizationSecurityKeyPublicKeyCredentialProvider....) in this doc. https://developer.apple.com/documentation/authenticationservices/public-private_key_authentication/supporting_security_key_authentication_using_physical_keys?language=objc

But now I met the issue that "Application with identifierxxx is not associated with domain xx" when creating credential.

I tried add "com.apple.developer.associated-domains" entitlements in my local apps. But it still has this issue.

I can not add AASA file since the domains are different public website, such as google.com. The websites are not related to my local app.

Is there a method to resolve this issue?

Do I need use another framework instead of AuthenticationServices? Thanks.

The ASAuthorization family of APIs is for signing in to services that you own. They work by releasing user credentials or other authentication information directly to your app, so they shouldn't be used for credentials that aren't yours. Signing in to other services, such as google.com, generally uses something like an OAuth flow. ASWebAuthenticationSession is an API from AuthenticationServices that makes doing OAuth really easy.

Is "associated domain" is a must for AuthenticationServices?
 
 
Q