getKeyBindingChallenge

Returns a challenge for the key(s) to which the credential(s) will be bound.

For the key-bound credentials, the issuing server typically requires freshly-minted keys to be used. Freshness is typically guaranteed by signing some type of issuer-supplied challenge by either the key itself, or by some higher-level (attestation) keys. Exact details are determined by CredentialMetadata.keyBindingType.

This method must not be called for keyless credentials.