1 files changed, 14 insertions, 3 deletions

diff --git a/example/index.ts b/example/index.ts
index 4b4179a..204f8a0 100644
--- a/example/index.ts
+++ b/example/index.ts
@@ -143,6 +143,12 @@ app.get('/generate-registration-options', async (req, res) => {
     })),
     authenticatorSelection: {
       residentKey: 'discouraged',
+      /**
+       * Wondering why user verification isn't required? See here:
+       *
+       * https://passkeys.dev/docs/use-cases/bootstrapping/#a-note-about-user-verification
+       */
+      userVerification: 'preferred',
     },
     /**
      * Support the two most common algorithms: ES256, and RS256
@@ -175,7 +181,7 @@ app.post('/verify-registration', async (req, res) => {
       expectedChallenge: `${expectedChallenge}`,
       expectedOrigin,
       expectedRPID: rpID,
-      requireUserVerification: true,
+      requireUserVerification: false,
     };
     verification = await verifyRegistrationResponse(opts);
   } catch (error) {
@@ -226,7 +232,12 @@ app.get('/generate-authentication-options', async (req, res) => {
       type: 'public-key',
       transports: dev.transports,
     })),
-    userVerification: 'required',
+    /**
+     * Wondering why user verification isn't required? See here:
+     *
+     * https://passkeys.dev/docs/use-cases/bootstrapping/#a-note-about-user-verification
+     */
+    userVerification: 'preferred',
     rpID,
   };
 
@@ -272,7 +283,7 @@ app.post('/verify-authentication', async (req, res) => {
       expectedOrigin,
       expectedRPID: rpID,
       authenticator: dbAuthenticator,
-      requireUserVerification: true,
+      requireUserVerification: false,
     };
     verification = await verifyAuthenticationResponse(opts);
   } catch (error) {