For any questions not answered here, feel free to start a discussion on the repo.
Does this store the user's fingerprint, PIN or patterns on my application? No. We only store the public key generated by the device.
Can a phishing site steal WebAuthn credentials and use them on my site? No. WebAuthn prevents phishing attacks.
Can WebAuthn data identify a particular device? No. Unless explicitly requested and authorized by the user.
Can a user register multiple devices? Yes. We suggest placing limits on how many devices a user may register, however.