In this scenario we have removed the need for passwords. The WebAuthn flow is exactly the same as for MFA, but for security reasons we could require userVerification (this is optional).
Note: When we say passwordless, what we mean is that no password is sent over the internet or stored in a database. Password, PINs or Biometrics might be used by the authenticator on the client