Adaptation to France Connect requiring an ACR value.
From 2020, FranceConnect will allow you to use identities with a substantial and / or high level of guarantee for your most sensitive services. Your requests to FranceConnect will therefore have to integrate the expected Eidas guarantee level.
The "acr" claim of the OpenID Connect standard (http://openid.net/specs/openid-connect-basic-1_0.html#RequestParameters) must be filled in during the authentication request (call to the endpoint / api / v1 / authorize You must specify a value corresponding to the eIDAS level used from among the following:
eidas1: standard level (example: authentication by username / password)
eidas2: substantial level (example: second factor, eIDAS approved)
eidas3: high level (example: use of certificates, card readers, ... eIDAS approved)
Any other value or lack of value will by default be interpreted by the high guarantee level.
Adaptation to France Connect requiring an ACR value.