AMR and values
Open ID Connect supports AMR values for continuous authentication flows
Following questions will answered in the blog:
What is the AMR value in OpenID Connect?
What are the values supported
AMR stands for Authentication Methods References.
AMR is claim as part of JWT claims.
It is registered IANA "JSON Web Token Claims"
https://www.iana.org/assignments/jwt/jwt.xhtml#claims
As per https://openid.net/specs/openid-connect-core-1_0.html. AMR is optional claim.
Example for a amr in jwt claim
amr: [ PWD,OPT]
amr: [POP]
amr value is an array of case sensitive strings.
AMR Values and description
AMR is OAuth AMR values.
| AMR | Description |
|---|---|
| PWD | Password-based authentication |
| OTP |
ne-time password, could be SMS OTP |
| wia | Windows integrated authentication includes kerberos or ntlm |
| retina | Biometric authentication based on retina |
| pop | proof of possession, parent category for software and hardware keys |
| swk | software key like certiifcte/td> |
| hwk | hardware key like swipe card |
| sms | Confirmation using SMS |
| tel | Confirmation by telephone call |
| face | facial bio metric authentication |
| fpt | finger based bio metric authentication |
| geo | geolocation information for authentication |
| kba | Knowledge-based authentication |
| PIN | pattern or pin number type of authentication |
| rba | Risk based authentication |
No comments:
Post a Comment