Passkey - associated domains error only for App Store reviewers

We recently shipped an option to sign up/in using passkeys. Everything was working as expected and we didn't have any issues passing the App Store review process.

Recently, when submitting a new build with updates not related to passkeys, we got rejected due to an error that the Apple reviewer faced during passkey creation. From our logs we can see that the issue is about Associated Domains and the webcredentials configuration:

The operation couldn’t be completed. Application with identifier X is not associated with domain Y.

The thing is that it is configured properly. The AASA file is returned properly both from our server and from Apple's CDN. The feature is 100% working on all our testing devices and we never got this error reported from any user. The only report of the issue comes from the reviewer's device, which is an iPad Air 5th generation on iOS 17.1.1. I was trying to reproduce the error in many ways, but I wasn't able to.

Is it possible that the error is faced only by Apple reviewers due to some specific environment setup they use? Or maybe TestFlight installs handle AASA file checking in some different way? I found something about that in one thread on the Apple Developer Forums: https://developer.apple.com/forums/thread/108339, but I'm not sure if it is related.

Any help/guidance will be very appreciated, thanks!

Replies

Unfortunately it's difficult to diagnose without knowing more about what App Review saw. One place that's worth looking into is whether your server may potentially block certain automated connections, e.g. from different geographic regions.
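
One way to act on the suggestion above, as an added example that is not part of the thread and not Apple tooling: save the response for `/.well-known/apple-app-site-association` as seen from several network locations, then check each copy for the `webcredentials` entry. The app identifier, the vantage point names and the captured responses below are all constructed placeholders.

```python
import json
from dataclasses import dataclass

APP_ID = "ABCDE12345.com.example.app"  # constructed placeholder: <TeamID>.<bundle id>

@dataclass
class Capture:
    """One saved response for /.well-known/apple-app-site-association."""
    status: int
    body: bytes

def aasa_problems(capture, app_id):
    """Return the reasons this response would not associate app_id for passkeys."""
    if capture.status != 200:
        # The file must be served directly: a redirect or a WAF/geo block page fails.
        return [f"HTTP {capture.status} instead of 200"]
    try:
        doc = json.loads(capture.body)
    except ValueError:
        return ["body is not JSON (HTML challenge or block page?)"]
    section = doc.get("webcredentials") if isinstance(doc, dict) else None
    apps = (section.get("apps") or []) if isinstance(section, dict) else []
    if app_id not in apps:
        return [f"{app_id} missing from webcredentials.apps"]
    return []

def failing_vantage_points(captures, app_id):
    """Map each vantage point name to its problems, keeping only the failures."""
    failures = {}
    for name, capture in captures.items():
        problems = aasa_problems(capture, app_id)
        if problems:
            failures[name] = problems
    return failures

# Constructed sample captures; real ones would be saved from each network location.
GOOD = json.dumps({"webcredentials": {"apps": [APP_ID]}}).encode()
SAMPLES = {
    "office": Capture(200, GOOD),
    "other-region": Capture(403, b"<html>Access denied</html>"),
    "challenge-page": Capture(200, b"<html>Checking your browser</html>"),
    "stale-copy": Capture(200, b'{"webcredentials": {"apps": []}}'),
}

if __name__ == "__main__":
    for name, problems in failing_vantage_points(SAMPLES, APP_ID).items():
        print(f"{name}: {'; '.join(problems)}")
```

A vantage point that fails here while the office copy passes points at edge filtering (geo rules, bot protection, rate limits) rather than at the app's entitlements.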