Permalink: https://doc.oneportal.fi/x/NIAW
The amr value, as described in the OpenID Connect Core section 2. ID Token, reveals what authentication methods were used in the authentication. onePortal includes the amr JSON array value in the ID token by default.
The OpenID Connect specification does not specify the possible string values included in the amr value. RFC-8176 establishes a number of suggested values. onePortal supports a subset of those suggestions.
Value | Description |
|---|---|
mfa | Multiple factor authentication. Returned if "pwd" and one other method was used to sign-in. |
otp | One-time password (TOTP or HOTP) was used. |
pwd | User entered password to sign-in. |
sms | User entered a code they received via a SMS (text message) sent to user's registered mobile number. |
ID token after password-only authentication
| Code Block | ||
|---|---|---|
| ||
{ "id_token": |
...
{ "amr": |
...
[ "pwd" |
...
], |
...
"at_hash": "UIejIhBKSrth201ZTTZrxA", |
...
"aud": |
...
[ "6324127051294819" |
...
], |
...
"auth_time": 1535616780, |
...
"azp": "6324127051294819", |
...
"exp": 1536221581, |
...
"iat": 1535616781, |
...
"iss": "https://devel3.t5.fi", |
...
"nonce": "9AzzrW8L5KOohBrk", |
...
"sub": "58cfb7353874e103fc81ec5f" |
...
} } |
...
ID token after authenticating with password and OTP
| Code Block | ||
|---|---|---|
| ||
{ "id_token": |
...
{ "amr": |
...
[ "mfa", |
...
"otp", |
...
"pwd" |
...
], |
...
"at_hash": "RD3a9rZ6FuuGeEksQSR44g", |
...
"aud": |
...
[ "6324127051294819" |
...
], |
...
"auth_time": 1535618565, |
...
"azp": "6324127051294819", |
...
"exp": 1536223366, |
...
"iat": 1535618566, |
...
"iss": "https://devel3.t5.fi", |
...
"nonce": "DxZs70N05vJrKiLo", |
...
"sub": "5a325c543874e16a85710c5e" |
...
} } |
...