simpleidserver / SimpleIdServer

OpenID, OAuth 2.0, SCIM2.0, UMA2.0, FAPI, CIBA & OPENBANKING Framework for ASP.NET Core
https://simpleidserver.com/
Apache License 2.0
682 stars 90 forks

New function: #620 :Finds problem #728

Closed qq1176914912 closed 2 months ago

qq1176914912 commented 2 months ago

On the client, Default acr methods supports multiple methods by default. When multiple methods are selected, only the first method takes effect. The second method does not take effect.

[image]

For example, I chose pwd and sms:

[image]

Then I click Log out and go to the login page:

[image]

Only pwd login, not sms. I think it should be changed to single; if it is multiple, the choice of registration method will be confused.

simpleidserver commented 2 months ago

The RFC https://openid.net/specs/openid-connect-registration-1_0-19.html provides the following definitions for the default_acr_values. Therefore, it is normal for the first value to be selected if no value is specified in the acr_values request.

the default_acr_values is an array of strings that specifies the default acr values that the Authorization Server is being requested to use for processing requests from this client, with the values appearing in order of preference.
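
The resolution order described in the reply above, as an added example that is not part of the thread and not SimpleIdServer's own code. The class name, method name, parameters and the server-default fallback are assumptions made for illustration; `pwd` and `sms` are the values from the issue.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical helper, not a SimpleIdServer type.
public static class AcrSelection
{
    // requestAcrValues: raw acr_values request parameter (space-separated,
    //                   in order of preference), or null when absent.
    // clientDefaults:   the client's registered default_acr_values,
    //                   in order of preference.
    // supported:        acr values the server can actually perform.
    // serverDefault:    assumed fallback when no candidate is supported.
    public static string Resolve(string? requestAcrValues,
                                 IReadOnlyList<string> clientDefaults,
                                 ISet<string> supported,
                                 string serverDefault)
    {
        string[] requested = (requestAcrValues ?? string.Empty)
            .Split(' ', StringSplitOptions.RemoveEmptyEntries);

        // An explicit acr_values on the request overrides the client's defaults.
        IEnumerable<string> candidates =
            requested.Length > 0 ? requested : clientDefaults;

        // Walk the list in order of preference; the first supported value wins.
        // Values the server does not know are skipped, never trusted as-is.
        return candidates.FirstOrDefault(acr => supported.Contains(acr))
               ?? serverDefault;
    }

    public static void Main()
    {
        var supported = new HashSet<string>(StringComparer.Ordinal) { "pwd", "sms" };
        var clientDefaults = new[] { "pwd", "sms" }; // the selection from the issue

        // Request without acr_values: the client's defaults decide.
        Console.WriteLine(Resolve(null, clientDefaults, supported, "pwd"));

        // Request that names sms explicitly: the request decides.
        Console.WriteLine(Resolve("sms", clientDefaults, supported, "pwd"));

        // Request that names only an unsupported value (constructed): fallback.
        Console.WriteLine(Resolve("unknown-acr", clientDefaults, supported, "pwd"));
    }
}
```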