Hi,
I would like to contribute to the Keycloak project and implement acr and amr support as
described in KEYCLOAK-3314. (However, I don’t know whether this is a good place to start -
but at least this is a recent topic very many customers are currently requesting ;-))
My idea would be to implement it in the way Youssef suggested in the comments. Thus every
Authenticator of a specific Flow may get an "Authentication Method Reference Value".
E.g. having two Authenticators ‘pwd’ and ‘otp’:
The claim acr_values describes the desired level of an authentication request, thus using
acr_values=pwd for the initial response should only trigger the pwd Authenticator and
return acr=pwd and amr=[pwd].
A second authentication request using acr_values=otp should only trigger the otp
authenticator, but return acr=otp and amr=[pwd,otp].
Please let me know if you want to implement support of acr and amr - even if my initial
thoughts do not correspond to the ideas you have to implement this. :-)
Kind regards
Jannik
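
The two-request exchange described in the message above, modelled as an added example; this is not code from the original message or from Keycloak. `Session`, `handle_request` and the `run_authenticator` callback are hypothetical names, and skipping a method already completed in the session is an assumption.

```python
from dataclasses import dataclass, field

# Reference values of the two authenticators in the flow (from the message).
FLOW = ("pwd", "otp")


class AuthenticationFailed(Exception):
    pass


@dataclass
class Session:
    # Hypothetical session state: reference values already satisfied, in order.
    amr: list = field(default_factory=list)


def handle_request(session, acr_values, run_authenticator):
    """Process one authentication request and return the acr/amr claims.

    acr_values: space-separated string, in order of preference (OIDC).
    run_authenticator: hypothetical callback, ref -> bool (True on success).
    """
    wanted = next((v for v in acr_values.split() if v in FLOW), None)
    if wanted is None:
        raise ValueError("no supported value in acr_values")
    # Assumption: a method already completed in this session is not re-run.
    if wanted not in session.amr:
        if not run_authenticator(wanted):
            # Failure leaves the session untouched, so amr never lists a
            # method the user did not actually complete.
            raise AuthenticationFailed(wanted)
        session.amr.append(wanted)
    return {"acr": wanted, "amr": list(session.amr)}


def demo():
    """Replay the two requests from the message with authenticators that succeed."""
    triggered = []

    def always_ok(ref):
        triggered.append(ref)
        return True

    s = Session()
    first = handle_request(s, "pwd", always_ok)
    second = handle_request(s, "otp", always_ok)
    return first, second, triggered


if __name__ == "__main__":
    for item in demo():
        print(item)
```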