AFAIK, passkeys aren't really linked to a domain. It's old-school public-key verification, the server stores your public key and uses it to verify the signature of a challenge they send to your device on login. As long as the different domains/apps can share the public key you should be able to login.
The credentials are scoped to a relying party, which must be equal to the domain or registrable domain suffix:
If this wasn't the case and it was old-school public-key verification, it would still be vulnerable to phishing, since the phishing site could just forward the challenges.
The credentials are scoped to a relying party, which must be equal to the domain or registrable domain suffix:
https://www.w3.org/TR/webauthn-2/#scope
If this wasn't the case and it was old-school public-key verification, it would still be vulnerable to phishing, since the phishing site could just forward the challenges.