avthart
commented
9 years ago As a workaround we are going to implement a custom "OIDCTokenService" which will set the amr and acr based on the login (username/password with 2fa, smartcard login, etc.).
Open avthart opened 9 years ago
avthart
commented
9 years ago As a workaround we are going to implement a custom "OIDCTokenService" which will set the amr and acr based on the login (username/password with 2fa, smartcard login, etc.).
avthart
commented
9 years ago We have used the following draft spec to add amr values to the ID Token: http://tools.ietf.org/html/draft-jones-oauth-amr-values-00
jricher
commented
9 years ago The custom OIDCTokenService is the recommended solution at this point in time. It is already designed to be pluggable: just write a replacement service in your overlay and mark the bean as @Primary.
We would like to have a mechanism in the Mitre OpenID Connect server, so that you can specify a "acr" or "amr" claim. Would be nice if this can be made pluggable.