Yes, you are right GrapheneOS generally should work. But in detail as far as I understand this depends on the chosen Webauthn-verification-type. So for instance webauthn.io requires a pin to be entered for (NFC) registration as it will create a RK, which requires a PIN (e.g., this won't work for me). On the other side webauthn.coffee.bin works perfectly fine with (NFC) (create credential, get assertion) as both do not require a PIN, just user presence.
Generally speaking I have to admit that I do not know if PIN entry during NFC usage is a thing anyways. From a usability perspective this would be extremely painful to hold your Nitrokey3 at the right spot, then input the PIN (while not moving the Nitrokey). So I would suspect that PIN entry is either way not supported via NFC/Webauthn, frankly I personally have never seen this and I am using NFC for logins regularly.
Anyways, this is getting very technical. Maybe the forums would be a better place to discuss this, together with the experience of other users, would you like to move it there?
Yes, you are right GrapheneOS generally should work. But in detail as far as I understand this depends on the chosen Webauthn-verification-type. So for instance webauthn.io requires a pin to be entered for (NFC) registration as it will create a RK, which requires a PIN (e.g., this won't work for me). On the other side webauthn.coffee.bin works perfectly fine with (NFC) (create credential, get assertion) as both do not require a PIN, just user presence.
Generally speaking I have to admit that I do not know if PIN entry during NFC usage is a thing anyways. From a usability perspective this would be extremely painful to hold your Nitrokey3 at the right spot, then input the PIN (while not moving the Nitrokey). So I would suspect that PIN entry is either way not supported via NFC/Webauthn, frankly I personally have never seen this and I am using NFC for logins regularly.
Anyways, this is getting very technical. Maybe the forums would be a better place to discuss this, together with the experience of other users, would you like to move it there?