Record original authentication type in the JWT authentication type

[robotdan]

Record original authentication type in the JWT authentication type

Description

I want to identify the original authentication method in a JWT produced by using a Refresh token.

Workflow 1

1. Login via Pasword
2. JWT produced will contain PASSWORD as the authentication type
3. Produce a JWT using the Refresh Token from step 1.
4. The JWT should identify REFRESH_TOKEN as the authentication type and the original method as well.

Workflow 2

A JWT produced by completing 2FA for standalone or through login, needs to also keep track of the origin. In this case, we also want to understand which MFA method was used to get this JWT.

This could be the phone number, email or unique Id of the Two Factor Method.

Related

• Access to more data from a Lambda? #229
• Feature : Requesting claims using the claims request parameter #308
• Support Authentication Context Class Reference (acr_values) when making a request to a 3rd Party OIDC IdP #339
• Add a claim when someone has gone through step-up #1491
• new JWT claims and doc reserved claims #1669

When using OAuth, we do add gty to the JWT header, but this would likely be a user claim.

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.