NOTE: Trivore ID Documentation has moved to https://trivoreid.com

The content on this site IS OUT OF DATE!

This space has been archived!

Please go ahead to the new site!

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Permalink: https://doc.oneportal.fi/x/NIAW

The amr value, as described in the OpenID Connect Core section 2. ID Token, reveals what authentication methods were used in the authentication. onePortal includes the amr JSON array value in the ID token by default.

The OpenID Connect specification does not specify the possible string values included in the amr value. RFC-8176 establishes a number of suggested values. onePortal supports a subset of those suggestions.

ValueDescription
mfaMultiple factor authentication. Returned if "pwd" and one other method was used to sign-in.
otpOne-time password (TOTP or HOTP) was used.
pwdUser entered password to sign-in.
smsUser entered a code they received via a SMS (text message) sent to user's registered mobile number.


ID token after password-only authentication

"id_token": {
    "amr": [
        "pwd"
    ],
    "at_hash": "UIejIhBKSrth201ZTTZrxA",
    "aud": [
        "6324127051294819"
    ],
    "auth_time": 1535616780,
    "azp": "6324127051294819",
    "exp": 1536221581,
    "iat": 1535616781,
    "iss": "https://devel3.t5.fi",
    "nonce": "9AzzrW8L5KOohBrk",
    "sub": "58cfb7353874e103fc81ec5f"
},


ID token after authenticating with password and OTP

"id_token": {
    "amr": [
        "mfa",
        "otp",
        "pwd"
    ],
    "at_hash": "RD3a9rZ6FuuGeEksQSR44g",
    "aud": [
        "6324127051294819"
    ],
    "auth_time": 1535618565,
    "azp": "6324127051294819",
    "exp": 1536223366,
    "iat": 1535618566,
    "iss": "https://devel3.t5.fi",
    "nonce": "DxZs70N05vJrKiLo",
    "sub": "5a325c543874e16a85710c5e"
},

  • No labels