upon further investigation, the origin is the extension (which makes sense since this is an extension api), but with webauthn if the origin is chrome-extension://, you have to drop the rp: id field, otherwise the navigator won't pop the enroll modal.
When we do drop the `rp: id`, the modal pops and we create a new pub key via the local chrome instance, but the remote chrome complains that the origin is wrong for the created key.
This lead us to discover y'all are using
remoteDesktopClientOverride extension to webauthn, which isn't mentioned at all in the webAuthenticationProxy extension api.
At this point, I would guess zero other developers on the web have used this api -- but I think everyone would benefit if y'all added documentation / a simple explainer on how the chrome.webAuthenticationProxy api is supposed to work e2e: is it only to be used with ctap2 authenticators? what are the remoteDesktopClientOverride settings? How do you set the rp:id when the origin is chrome-extension://?