Does an FR exist for Fedora Accounts CTAP1 2FA or CTAP2 1FA?

If not, would one file a request for it at RHBZ, GitHub, forge.fedoraproject.org/infra/tickets/issues, or, gosh forbid, Pagure? I ask because I want to.

My rationale is that, currently, we must utilise solely TOTP 2FA.

I think the tracker for the Fedora account system is here:

It’s a bit more complicated than that. Noggin is just the portal. The auth system as a whole has quite a few moving parts.

A general infra ticket (the forge.fp.o link in OP) is probably the best idea, then folks can move it / split it to appropriate specific components. But I’m not sure how much capacity there is for this ATM :expressionless: It might at least have to wait, e.g., until we can get off Ipsilon and onto Keycloak…

Perhaps this is just "Add passkey management support" (Issue #1424, fedora-infra/noggin, GitHub)?

I haven’t used / seen CTAP1/CTAP2 before…

AFAICT, CTAP1 is a rebranding of FIDO U2F and CTAP2 is an extension of that. So it's the WebAuthn / passkey stuff, basically (see "Client to Authenticator Protocol" on Wikipedia). So yes, that issue - but don't we also need support for it in all the places where we currently expect you to retype a TOTP second factor? So, Ipsilon, but also stuff like whatever prompts us for second factor when doing sudo on infra boxes?

Well, depending on what one and where, yes… but IPA does have some support in this area already, we just don't have any way for users to enroll without Noggin having support.

Also, we may need Keycloak for web side of things, but we are already working toward that.

@kevin, turns out that you certainly thought so when you last encountered such a report:

Consequently, I’ll subscribe to your cited issue, instead. Thanks.

@adamwill, to my knowledge, the distinction is:

| Previous Name | Current Name | Purpose |
|---------------|--------------|---------|
| FIDO U2F      | CTAP1        | 2FA     |
| FIDO2         | CTAP2        | 1FA     |