Is your feature request related to a problem? Please describe.
In #453 / #454 we implemented the new properties for risk and returnUrl, they can now be used by the core package to enhance the security in the flow.
Describe the solution you'd like
Set returnRisk to true for all requests so that the one implementing Active Login can act on the risk level
Allow for the risk on the Requirement to be set for both auth and sign
Set the returnUrl withn a nonce that we keep in our state cookie and then verify it on return
Is your feature request related to a problem? Please describe. In #453 / #454 we implemented the new properties for risk and returnUrl, they can now be used by the core package to enhance the security in the flow.
Describe the solution you'd like