Because the data classes uses the Json.NET data attributes, library users MUST reference this library, even if they prefer to use System.Text.Json, or even if they do not need serialization at all.
This hard dependency should be removed in favor of an optional component that would configure the models to be used with Json.NET if needed.
Because they have two different purposes, and will probably never be used at the same time, should we have one website for the demo and another for conformance testing, instead of one for both?
In some cases, some methods throws Fido2VerificationException, even though the problem is clearly not an error related to the Fido2 verification, but rather a programmer error (such as when a null argument is send).
An example can be found in AuthenticatorAttestationResponse.Parse, which throws Fido2VerificationException instead of NullReferenceException when its argument is null.