[Openid-specs-fapi] Issue #301: 5.2.3. - 6 Is `amr` always required? (openid/fapi)
Nat
issues-reply at bitbucket.org
Wed Jul 15 10:08:28 UTC 2020
New issue 301: 5.2.3. - 6 Is `amr` always required?
https://bitbucket.org/openid/fapi/issues/301/523-6-is-amr-always-required
Nat Sakimura:
The current text says:
6\. shall verify that the `amr` claim in an ID Token contains values appropriate for the LoA indicated by the `acr` claim;
Question: is OB always returning `amr`? If so, what values are returned?
Comment: Generally speaking, just relying on `acr` is considered a good practice. This was pointed out to me on Twitter by @{557058:f2531241-0a68-460b-a90c-d09dee7554c3}