Yes, the implementation is a challenge and the WebAuthn specs are even for experienced devs hard to understand (as it's an entirely new paradigm compared to other authentication methods).
In your case with your phone, I suspect that Yahoo has implemented some kind of device management and works with the WebAuthn request option AllowedCredentials to allow only certain credentials on a device (here probably something was messed up).
In your case with your phone, I suspect that Yahoo has implemented some kind of device management and works with the WebAuthn request option AllowedCredentials to allow only certain credentials on a device (here probably something was messed up).