From cb9ed5024879c80436e99b79e9e3554d1b167fa6 Mon Sep 17 00:00:00 2001
From: Oscar Hinton
Date: Wed, 12 May 2021 18:46:35 +0200
Subject: [PATCH] Discourage user verification on WebAuthn enroll (#1322)
---
 src/Core/Services/Implementations/UserService.cs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Core/Services/Implementations/UserService.cs b/src/Core/Services/Implementations/UserService.cs
index 3f41e5df5c..b5c9855185 100644
--- a/src/Core/Services/Implementations/UserService.cs
+++ b/src/Core/Services/Implementations/UserService.cs
@@ -526,7 +526,13 @@ namespace Bit.Core.Services
 .Select(k => new TwoFactorProvider.WebAuthnData((dynamic)k.Value).Descriptor)
 .ToList();
- var options = _fido2.RequestNewCredential(fidoUser, excludeCredentials, AuthenticatorSelection.Default, AttestationConveyancePreference.None);
+ var authenticatorSelection = new AuthenticatorSelection
+ {
+ AuthenticatorAttachment = null,
+ RequireResidentKey = false,
+ UserVerification = UserVerificationRequirement.Discouraged
+ };
+ var options = _fido2.RequestNewCredential(fidoUser, excludeCredentials, authenticatorSelection, AttestationConveyancePreference.None);
 provider.MetaData["pending"] = options.ToJson();
 providers[TwoFactorProviderType.WebAuthn] = provider;
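Review bot: The new `authenticatorSelection` initializer sets `UserVerification = UserVerificationRequirement.Discouraged` with no comment explaining why, and a later reader could mistake this security-relevant choice for an oversight. Judging by the `TwoFactorProviderType.WebAuthn` usage in the hunk, the credential serves as a second factor, so a possession-only check is presumably intended; I would add above the initializer `// Second factor only: the password already verifies the user, so do not prompt for authenticator PIN/biometrics. Require UV if these credentials are ever used for passwordless sign-in.` The assertion path is outside this hunk, so confirm that it requests the same requirement and that nothing server-side relies on the UV flag being set for credentials enrolled this way. The enclosing method starts and ends outside the hunk.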