So excited about Cloudflare now supports security keys with Web Authentication (WebAuthn)!!
Can you please modify your WebAuthN navigator.credentials.create() call to specify user_verification="discouraged"? Without setting this, the enrollment and subsequent 2fa challenge(s) will pop up a pin entry. More info is available in this github issue if you would like to research this option.