ACR and AMR
What is ACR and AMR?
ACR
In OpenID Connect (OIDC) requests, ACR is an optional parameter. This option allows service providers to submit extra information to the identity provider in order for the identity provider to impose additional assurance in the user authentication flow, i.e., it specifies the business rules that must be followed during authentication. ACR is also known as the Level of Assurance in some situations (LoA).
AMR
AMR gives details on the authentication techniques that are used to verify the validity of users. It contains information on the session activities that occurred when a user was authenticated.
The acr value of the access token that passed 1FA is as follows.
The following acr value will be assigned to the access token that passed the 2FA.
