since we are using second-factor only (not passwordless), userVerification should not be used. Otherwise, Windows 10 Pro will unhelpfully require to set a PIN during registration.

Author: restena-sw

www/assets/js/webauthn.js

@@ -78,6 +78,9 @@ var publicKeyCredentialCreationOptions = {
             displayName: frontendData['state']['FIDO2Displayname'],
         },
         pubKeyCredParams: [{alg: -7, type: 'public-key'}],
+        authenticatorSelection: {
+            userVerification: "discouraged"
+        },
         timeout: 60000,
         attestation: frontendData['attestation'],
     }