Open
Description
At the moment you have to use an unsandboxed daemon, with the socket mapped into the flatpak in order to be able to use fido2 in the flatpak. This could be circumvented by granting the flatpak an all-devices permission, which has the downside of being too broad and also marking the flatpak as unsafe on FlatHub.
The best way forward is a portal, such as proposed in:
flatpak/xdg-desktop-portal#989