[Openid-specs-ab] Request amr ?

John Bradley ve7jtb at ve7jtb.com
Mon Sep 8 22:08:25 UTC 2014


You request a acr, and that can have whatever rules for acceptable AMR you like. 

Requesting a specific AMR is not scalable.  The first time you add a new AMR even if it is better things break unless it is a small federation that is configured out of band.  

If that is the case and you don't care about identity proofing etc.  Then just map acr to classes of AMR. 

AMR should mostly be treated as extra information on top of ACR.  

Sent from my iPhone

> On Sep 8, 2014, at 6:29 PM, Michael Schwartz <mike at gluu.org> wrote:
> 
> OpenID Connect gurus,
> 
> The ID token returns 'amr', but there is no way to send 'amr' in the request?
> 
> So the only way to request a specific type of authentication is to use the 'acr' param?
> 
> thx,
> 
> Mike
> 
> -------------------------------------
> Michael Schwartz
> Gluu CEO
> 
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2734 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140908/98c4fa66/attachment.p7s>


More information about the Openid-specs-ab mailing list