WebAuthn, Username Enumeration & email as username


Considering that some of us might have enforced the use of the email address as username in Keycloak:
When enabling WebAuthn, are we at risk regarding Username Enumeration (Web Authentication: An API for accessing Public Key Credentials - Level 3)? Or are there countermeasures implemented in Keycloak?

Many thanks for your help