openid / fapi / issues / #301 - 5.2.3. - 6 Is `amr` always required? — Bitbucket

Issue #301 invalid

Nat Sakimura created an issue 2020-07-15

The current text says:

6. shall verify that the amr claim in an ID Token contains values appropriate for the LoA indicated by the acr claim;

Question: is OB always returning amr? If so, what values are returned?

Comment: Generally speaking, just relying on acr is considered a good practice. I was pointed out of this on twitter by @Nov Matake

Comments (5)

Joseph Heenan
That text has I believe been removed from the current master version, at the same time the acr clauses were removed.

I don’t think OB generally returns amr, and the current FAPI conformance suite doesn’t do any checks on amr.
- 2020-07-15T10:52:25+00:00
Nat Sakimura reporter
- changed status to invalid
It was there for ID2 but since then it was removed.
- 2020-07-16T19:01:55+00:00
Nat Sakimura reporter
- changed component to Part 2: Advanced
- 2022-12-14T15:36:08+00:00
Nat Sakimura reporter
- changed component to FAPI 1 – Part 2: Advanced
- 2022-12-14T15:36:42+00:00
Nat Sakimura reporter
- changed component to FAPI 1: Advanced
- 2022-12-14T15:38:52+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Component: FAPI 1: Advanced

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!