JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

feat(jans-auth): remove extra info from `acr` claim in `id_token` when it's an agama flow #8348

Closed jgomer2001 closed 5 months ago

jgomer2001 commented 5 months ago

Formerly (when using acr_values=agama&agama_flow=...) for an authn request, the agama_flow param might optionally carry some extra data like

`<flow qname>-<extra>`

Please ensure that any stuff after (and including) the hyphen, if present, is ignored when populating the `acr` in `id_token`. In other words, keep just the flow name.

yuriyz commented 5 months ago

@jgomer2001 in this PR the AS is switched to `acr_values=agama_<flow>`. So I will make sure that `acr_values=agama_<flow>-params` will end up as `acr: agama_<flow>` in `id_token` (without `-params`).

yuriyz commented 5 months ago

We need to allow the parameters to be preserved until the script and cut them only for `id_token`. Re-opening ticket.
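
The handling discussed in this thread, written out as an added Python example (not Janssen's code): the full value stays available to the script, and only the `acr` claim is cut at the first hyphen. The function names, the sample flow name `com.example.login`, and the single-valued `acr_values` are assumptions.

```python
from typing import NamedTuple, Optional

AGAMA_PREFIX = "agama_"  # prefix from the thread: acr_values=agama_<flow>


class AgamaAcr(NamedTuple):
    script_value: str   # full value, extras intact, as preserved for the script
    id_token_acr: str   # value for the id_token `acr` claim, extras cut


def strip_extra(value: str) -> str:
    """Drop everything after (and including) the first hyphen, if present."""
    head, _, _ = value.partition("-")
    return head


def resolve_agama_acr(acr_values: str,
                      agama_flow: Optional[str] = None) -> Optional[AgamaAcr]:
    """Return both views of an Agama authn request, or None if it is not one.

    Hypothetical helper; assumes acr_values holds a single value.
    """
    if acr_values == "agama" and agama_flow:
        # Former form: acr_values=agama&agama_flow=<flow qname>-<extra>
        claim = strip_extra(agama_flow)
        return AgamaAcr(agama_flow, claim) if claim else None
    if acr_values.startswith(AGAMA_PREFIX):
        # Newer form: acr_values=agama_<flow>-params
        claim = strip_extra(acr_values)
        # Reject an empty flow name such as "agama_-params".
        if len(claim) > len(AGAMA_PREFIX):
            return AgamaAcr(acr_values, claim)
    return None


def id_token_acr_is_clean(requested: AgamaAcr, id_token_claims: dict) -> bool:
    """Relying-party check: `acr` is the bare flow value, with no extras leaked."""
    return id_token_claims.get("acr") == requested.id_token_acr


if __name__ == "__main__":
    # Constructed sample request value, not taken from the issue.
    req = resolve_agama_acr("agama_com.example.login-abc123")
    print(req)
    print(id_token_acr_is_clean(req, {"acr": "agama_com.example.login"}))
```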