From ff069fb18644683dcf0867e0fb1943b98dbf76cb Mon Sep 17 00:00:00 2001
From: Bryan Jacobs
Date: Sun, 30 Jul 2023 22:48:12 +1000
Subject: [PATCH] Set pinProtocol for UV tokens when supported

This avoids situations where the authenticator is being used with extensions that require a pinProtocol, and the pinProtocol defaults to 1.
---
 fido2/client.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/fido2/client.py b/fido2/client.py
index fd570aa..9775ed9 100644
--- a/fido2/client.py
+++ b/fido2/client.py
@@ -533,8 +533,10 @@ def _get_auth_params(
 pin_token = None
 pin_auth = None
 internal_uv = False
+ client_pin = ClientPin(self.ctap2)
+ if client_pin.is_token_supported(self.info):
+ pin_protocol = client_pin.protocol
 if self._should_use_uv(user_verification, mc) or permissions:
- client_pin = ClientPin(self.ctap2)
 allow_internal_uv = not permissions
 permissions |= (
 ClientPin.PERMISSION.MAKE_CREDENTIAL
@@ -545,7 +547,6 @@ def _get_auth_params(
 client_pin, permissions, rp_id, event, on_keepalive, allow_internal_uv
 )
 if pin_token:
- pin_protocol = client_pin.protocol
 pin_auth = client_pin.protocol.authenticate(pin_token, client_data.hash)
 else:
 internal_uv = True
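Review bot: Moving `client_pin = ClientPin(self.ctap2)` above the `if self._should_use_uv(user_verification, mc) or permissions:` guard in the first hunk means the constructor now runs on every call to `_get_auth_params`, including requests where no PIN/UV step was attempted before. The constructor is not visible here; if it raises when the authenticator advertises no compatible PIN/UV protocol, requests that previously succeeded without user verification would now fail before reaching the device. Consider testing support before constructing, e.g. `if ClientPin.is_token_supported(self.info): pin_protocol = ClientPin(self.ctap2).protocol` (assuming the method can be called on the class, which its `info` argument suggests), and leaving the original construction inside the guarded branch. `pin_protocol` can now also be set while `pin_auth` stays `None`, so a short comment such as `# extensions may need the PIN/UV protocol version even when no pin_auth is produced` and a test for the no-UV path would help. `_get_auth_params` starts and ends outside the hunk.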