Make "acr" Claim values be arrays of ACR identifiers
Issue #789
resolved
Just as was done for PAPE, we should have "acr" claim values be a list of the policies that the OP was able to satisfy/use and not assume that it's a singleton.
The PAPE language at http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#anchor9 is:
openid.pape.auth_policies
One or more authentication policy URIs representing policies that the OP satisfied when authenticating the End User.
Value: Space separated list of authentication policy URIs.
I believe we'll regret it if we don't do this.
Comments (3)
-
-
reporter -
assigned issue to
Rather than making "acr" multi-valued, we will define a new "amr" (authentication methods references) claim, whose value is a list of authentication method references.
-
assigned issue to
-
reporter - changed status to resolved
Fixed
#789- Added "amr" (authentication methods references) Claim.→ <<cset 6da2f0857eb5>>
- Log in to comment
+1