NOTE: Trivore ID Documentation has moved to https://trivoreid.com
The content on this site IS OUT OF DATE!
This space has been archived!
Please go ahead to the new site!
OpenID Connect: amr value
- Kari Mattsson
- Antti Kallio
The amr value, as described in the OpenID Connect Core section 2. ID Token, reveals what authentication methods were used in the authentication. onePortal includes the amr JSON array value in the ID token by default.
The OpenID Connect specification does not specify the possible string values included in the amr value. RFC-8176 establishes a number of suggested values. onePortal supports a subset of those suggestions.
Value | Description |
|---|---|
mfa | Multiple factor authentication. Returned if "pwd" and one other method was used to sign-in. |
otp | One-time password (TOTP or HOTP) was used. |
pwd | User entered password to sign-in. |
sms | User entered a code they received via a SMS (text message) sent to user's registered mobile number. |
ID token after password-only authentication
{
"id_token": {
"amr": [
"pwd"
],
"at_hash": "UIejIhBKSrth201ZTTZrxA",
"aud": [
"6324127051294819"
],
"auth_time": 1535616780,
"azp": "6324127051294819",
"exp": 1536221581,
"iat": 1535616781,
"iss": "https://devel3.t5.fi",
"nonce": "9AzzrW8L5KOohBrk",
"sub": "58cfb7353874e103fc81ec5f"
}
}
ID token after authenticating with password and OTP
{
"id_token": {
"amr": [
"mfa",
"otp",
"pwd"
],
"at_hash": "RD3a9rZ6FuuGeEksQSR44g",
"aud": [
"6324127051294819"
],
"auth_time": 1535618565,
"azp": "6324127051294819",
"exp": 1536223366,
"iat": 1535618566,
"iss": "https://devel3.t5.fi",
"nonce": "DxZs70N05vJrKiLo",
"sub": "5a325c543874e16a85710c5e"
}
}