From c834f0a3721a4995e87e1c3b7f071055ab740c6f Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sun, 21 Mar 2021 00:10:07 +0100
Subject: [PATCH] stages/authenticator_webauthn: explicitly allow
 cross-platform devices for iOS/safari

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/stages/authenticator_webauthn/stage.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/authentik/stages/authenticator_webauthn/stage.py b/authentik/stages/authenticator_webauthn/stage.py
index f4d20b7d8..d5e6080d8 100644
--- a/authentik/stages/authenticator_webauthn/stage.py
+++ b/authentik/stages/authenticator_webauthn/stage.py
@@ -120,11 +120,16 @@ class AuthenticatorWebAuthnStageView(ChallengeStageView):
             user.avatar,
         )
 
+        registration_dict = make_credential_options.registration_dict
+        registration_dict["authenticatorSelection"] = {
+            "authenticatorAttachment": "cross-platform"
+        }
+
         return AuthenticatorWebAuthnChallenge(
             data={
                 "type": ChallengeTypes.native.value,
                 "component": "ak-stage-authenticator-webauthn",
-                "registration": make_credential_options.registration_dict,
+                "registration": registration_dict,
             }
         )