diff --git a/src/webauthn.php b/src/webauthn.php
index 5a854ef..fefa663 100644
--- a/src/webauthn.php
+++ b/src/webauthn.php
@@ -283,7 +283,7 @@ function authenticate($info, $userwebauthn){
 /* experience shows that at least one device (OnePlus 6T/Pie (Android phone)) doesn't set this, so this test would fail. This is not correct according to the spec, so pragmatically it may have to be removed */
- if ($ao->flags != 0x1) { $this->oops('cannot decode key response (2c)'); } /* only TUP must be set */
+ if (($ao->flags & 0x1) != 0x1) { $this->oops('cannot decode key response (2c)'); } /* only TUP must be set */
 /* assemble signed data */
 $clientdata = self::array_to_string($info->response->clientDataJSONarray);
@@ -372,4 +372,4 @@ private function oops($s, $c=0){
 throw new \Exception($s, $c);
 }
-}
\ No newline at end of file
+}
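Review bot: In the first hunk (`@@ -283,7 +283,7 @@`) the trailing comment `/* only TUP must be set */` is now wrong: the masked test requires the user-present bit and accepts every other bit in `$ao->flags`, so user-verified (0x04), attested-credential-data (0x40) and extension-data (0x80) all pass unexamined. I would reword it to `/* UP (bit 0) must be set; other flag bits are ignored here */` and compare strictly, `if (($ao->flags & 0x1) !== 0x1) {`. If the relying party asks for user verification, the UV bit needs its own check, since this line no longer implies anything about it. Whether the rest of authenticate() copes with extension data following the counter when 0x80 is set is not visible here, as the function body continues outside the hunk.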