diff --git a/passkey-authenticator/src/authenticator/make_credential.rs b/passkey-authenticator/src/authenticator/make_credential.rs
index 4073b13..019bd60 100644
--- a/passkey-authenticator/src/authenticator/make_credential.rs
+++ b/passkey-authenticator/src/authenticator/make_credential.rs
@@ -150,9 +150,9 @@ where
             .set_make_credential_extensions(extensions.signed)?;
 
         let response = Response {
-            auth_data,
             fmt: "None".into(),
-            att_stmt: vec![0xa0].into(), // CBOR equivalent to empty map
+            auth_data,
+            att_stmt: coset::cbor::value::Value::Map(vec![]),
             ep_att: None,
             large_blob_key: None,
             unsigned_extension_outputs: extensions.unsigned,
diff --git a/passkey-types/src/ctap2/make_credential.rs b/passkey-types/src/ctap2/make_credential.rs
index 9f79625..cb95836 100644
--- a/passkey-types/src/ctap2/make_credential.rs
+++ b/passkey-types/src/ctap2/make_credential.rs
@@ -258,13 +258,13 @@ serde_workaround! {
     /// Upon successful creation of a credential, the authenticator returns an attestation object.
     #[derive(Debug)]
     pub struct Response {
-        /// The authenticator data object
+        /// The attestation statement format identifier
         #[serde(rename = 0x01)]
-        pub auth_data: AuthenticatorData,
+        pub fmt: String,
 
-        /// The attestation statement format identifier
+        /// The authenticator data object
         #[serde(rename = 0x02)]
-        pub fmt: String,
+        pub auth_data: AuthenticatorData,
 
         /// The attestation statement, whose format is identified by the "fmt" object member.
         /// The client treats it as an opaque object.