5.2.3. - 6 Is `amr` always required?
Issue #301
invalid
The current text says:
6. shall verify that the amr
claim in an ID Token contains values appropriate for the LoA indicated by the acr
claim;
Question: is OB always returning amr
? If so, what values are returned?
Comment: Generally speaking, just relying on acr
is considered a good practice. I was pointed out of this on twitter by @Nov Matake
Comments (5)
-
-
reporter - changed status to invalid
It was there for ID2 but since then it was removed.
-
reporter - changed component to Part 2: Advanced
-
reporter - changed component to FAPI 1 – Part 2: Advanced
-
reporter - changed component to FAPI 1: Advanced
- Log in to comment
That text has I believe been removed from the current master version, at the same time the acr clauses were removed.
I don’t think OB generally returns amr, and the current FAPI conformance suite doesn’t do any checks on amr.