From 3fc1decfadfcf1eb79c1cdce1983ff01f3a5b9f3 Mon Sep 17 00:00:00 2001
From: Allen Li <darkfeline@felesatra.moe>
Date: Wed, 30 Jul 2025 00:12:05 +0000
Subject: [PATCH] fix(reauth): Use UV=preferred for ReAuth WebAuthn challenge

Since ReAuth is a second factor credential, it is not necessary to
require UV here.  This was discussed with ReAuth folks.

Also, in practice, downstream clients disregard this because the U2F
protocol doesn't expose UV enforcement.
---
 google/oauth2/challenges.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/google/oauth2/challenges.py b/google/oauth2/challenges.py
index 6468498bc..59a2f9be4 100644
--- a/google/oauth2/challenges.py
+++ b/google/oauth2/challenges.py
@@ -225,7 +225,7 @@ def _obtain_challenge_input_webauthn(self, metadata, webauthn_handler):
             challenge=self._unpadded_urlsafe_b64recode(challenge),
             timeout_ms=WEBAUTHN_TIMEOUT_MS,
             allow_credentials=allow_credentials,
-            user_verification="required",
+            user_verification="preferred",
             extensions=extension,
         )