From 68e4b67bd212e31ecc20277bfd293c94bf7f3642 Mon Sep 17 00:00:00 2001
From: Elias Schneider <login@eliasschneider.com>
Date: Sun, 25 May 2025 17:09:05 +0200
Subject: [PATCH] feat: require user verification for passkey sign in

---
 backend/internal/service/webauthn_service.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/internal/service/webauthn_service.go b/backend/internal/service/webauthn_service.go
index 50dd3c62..f12675a8 100644
--- a/backend/internal/service/webauthn_service.go
+++ b/backend/internal/service/webauthn_service.go
@@ -29,6 +29,9 @@ func NewWebAuthnService(db *gorm.DB, jwtService *JwtService, auditLogService *Au
 		RPDisplayName: appConfigService.GetDbConfig().AppName.Value,
 		RPID:          utils.GetHostnameFromURL(common.EnvConfig.AppURL),
 		RPOrigins:     []string{common.EnvConfig.AppURL},
+		AuthenticatorSelection: protocol.AuthenticatorSelection{
+			UserVerification: protocol.VerificationRequired,
+		},
 		Timeouts: webauthn.TimeoutsConfig{
 			Login: webauthn.TimeoutConfig{
 				Enforce:    true,