Add functionality for configuring acr_values #122
Comments
Hi, first of all, thanks for your interest in this project. Just to clarify that I understood the feature correctly: you can configure that the user always has to log in using his password, regardless of whether they are already authenticated or not. You just want an environment variable to configure that.
The acr_values dictates/enforces the authentication contract when a user logs in.
Of course, that is also described in the standard.
Hi, I just finished it. I've tested it using Keycloak. But I noticed in the past that this isn't a general test. Would it be possible to test it yourself? You can use the
I am going to create a release if everything works as expected and an issue in an underlying dependency is fixed. (This may be able to be delayed for a later release.)
The current implementation does not provide a means to send an authentication context.
This is described in OpenID Connect Core 1.0 incorporating errata set 1.
The optional value is described in section 3.1.2.1. Authentication Request.
When an authentication context is not sent with the request, it is up to the IDP to determine the contract to execute, and by default this will be a Username/Password type.
By adding the acr_values parameter one can explicitly select a different contract to authenticate with, for example Username/Password/2FA.
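
Added example, not part of the issue or the project's code: a sketch of how a relying party can send `acr_values` in the authentication request and then check the `acr` claim that comes back, since the parameter requests the claim as voluntary and the IdP may fall back to another contract. The endpoint, client id and the contract names `mfa` and `pwd` are constructed placeholders.

```python
from urllib.parse import urlencode


def build_auth_request(authorize_endpoint, client_id, redirect_uri,
                       state, nonce, acr_values=None):
    """Build an OIDC authorization-code request URL (Core 1.0, 3.1.2.1)."""
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    if acr_values:
        # Space-separated list, most preferred contract first.
        params["acr_values"] = " ".join(acr_values)
    return authorize_endpoint + "?" + urlencode(params)


def acr_satisfied(id_token_claims, accepted_acrs):
    """Return True only if the IdP reports one of the accepted contracts.

    id_token_claims must come from an ID token whose signature, issuer,
    audience and nonce have already been validated. A missing acr claim
    is treated as not satisfied, so a silent fallback to the IdP's
    default contract is rejected instead of accepted.
    """
    acr = id_token_claims.get("acr")
    return isinstance(acr, str) and acr in set(accepted_acrs)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    url = build_auth_request(
        "https://idp.example.test/authorize", "demo-client",
        "https://app.example.test/callback",
        state="s-123", nonce="n-456", acr_values=["mfa", "pwd"])
    print(url)
    # The IdP answered with its default contract: do not grant access.
    print(acr_satisfied({"sub": "alice", "acr": "pwd"}, ["mfa"]))
```
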