From f23d2a445541bc9cfd9a5016ee301580737bfca1 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Mon, 1 Jun 2020 20:08:58 +0200
Subject: [PATCH] set user verification to discouraged

---
 lam/lib/webauthn.inc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lam/lib/webauthn.inc b/lam/lib/webauthn.inc
index 8ce4a5c7..6fe880cf 100644
--- a/lam/lib/webauthn.inc
+++ b/lam/lib/webauthn.inc
@@ -110,6 +110,7 @@ class WebauthnManager {
 $credentialParameters = $this->getCredentialParameters();
 $excludedKeys = $this->getExcludedKeys($userEntity, $extraExcludedKeys);
 $timeout = $this->getTimeout();
+ $authenticatorSelectionCriteria = new AuthenticatorSelectionCriteria(null, false, AuthenticatorSelectionCriteria::USER_VERIFICATION_REQUIREMENT_DISCOURAGED);
 $registrationObject = new PublicKeyCredentialCreationOptions(
 $rpEntity,
 $userEntity,
@@ -117,7 +118,7 @@ class WebauthnManager {
 $credentialParameters,
 $timeout,
 $excludedKeys,
- new AuthenticatorSelectionCriteria(),
+ $authenticatorSelectionCriteria,
 PublicKeyCredentialCreationOptions::ATTESTATION_CONVEYANCE_PREFERENCE_NONE,
 new AuthenticationExtensionsClientInputs());
 logNewMessage(LOG_DEBUG, 'Webauthn registration: ' . json_encode($registrationObject));
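Review bot: The added `$authenticatorSelectionCriteria` line in the first hunk hard-codes `USER_VERIFICATION_REQUIREMENT_DISCOURAGED` without a comment, and the two positional arguments `null, false` before it give no hint of what they set. With user verification discouraged, the authenticator is not asked for a PIN or biometric, so a registered key attests possession only. That is a sound choice only if WebAuthn stays a second factor behind another credential. If that is the intent, state it next to the line, e.g. `// UV discouraged: key is used as second factor only, possession is sufficient; args are (attachment: none, resident key: not required)`. The assertion (login) request options are not visible in this diff; they should presumably carry the same requirement, and the server-side response check should not depend on the UV flag being set. The enclosing method begins and ends outside both hunks.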