From 24ac6d2c25c2c4c85ae90dc93a85fdc04d27628c Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 21 Mar 2021 16:52:14 +0100
Subject: [PATCH] stages/authenticator_webauthn: prefer Biometrics over
 security key

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/stages/authenticator_webauthn/stage.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/authentik/stages/authenticator_webauthn/stage.py b/authentik/stages/authenticator_webauthn/stage.py
index d5e6080d8b..d16e426158 100644
--- a/authentik/stages/authenticator_webauthn/stage.py
+++ b/authentik/stages/authenticator_webauthn/stage.py
@@ -122,7 +122,8 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
 
         registration_dict = make_credential_options.registration_dict
         registration_dict["authenticatorSelection"] = {
-            "authenticatorAttachment": "cross-platform"
+            "requireResidentKey": False,
+            "userVerification": "preferred",
         }
 
         return AuthenticatorWebAuthnChallenge(