@@ -886,8 +886,10 @@ pub(crate) fn bio_enrollment(
886886 Some ( PinUvAuthResult :: SuccessGetPinToken ( t) )
887887 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingUvWithPermissions ( t) )
888888 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingPinWithPermissions ( t) )
889- if t. permissions
890- . contains ( PinUvAuthTokenPermission :: BioEnrollment ) =>
889+ if !authinfo. versions . contains ( & AuthenticatorVersion :: FIDO_2_1 ) // Only 2.1 has a permission-system
890+ || use_legacy_preview // Preview doesn't use permissions
891+ || t. permissions
892+ . contains ( PinUvAuthTokenPermission :: BioEnrollment ) =>
891893 {
892894 skip_puap = true ;
893895 cached_puat = true ;
@@ -1154,7 +1156,10 @@ pub(crate) fn credential_management(
11541156 Some ( PinUvAuthResult :: SuccessGetPinToken ( t) )
11551157 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingUvWithPermissions ( t) )
11561158 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingPinWithPermissions ( t) )
1157- if t. permissions == PinUvAuthTokenPermission :: CredentialManagement =>
1159+ if !authinfo. versions . contains ( & AuthenticatorVersion :: FIDO_2_1 ) // Only 2.1 has a permission-system
1160+ || use_legacy_preview // Preview doesn't use permissions
1161+ || t. permissions
1162+ . contains ( PinUvAuthTokenPermission :: CredentialManagement ) =>
11581163 {
11591164 skip_puap = true ;
11601165 cached_puat = true ;
@@ -1432,7 +1437,8 @@ pub(crate) fn configure_authenticator(
14321437 Some ( PinUvAuthResult :: SuccessGetPinToken ( t) )
14331438 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingUvWithPermissions ( t) )
14341439 | Some ( PinUvAuthResult :: SuccessGetPinUvAuthTokenUsingPinWithPermissions ( t) )
1435- if t. permissions == PinUvAuthTokenPermission :: AuthenticatorConfiguration =>
1440+ if t. permissions
1441+ . contains ( PinUvAuthTokenPermission :: AuthenticatorConfiguration ) =>
14361442 {
14371443 skip_puap = true ;
14381444 cached_puat = true ;
0 commit comments