Skip to content

Latest commit

 

History

History
10 lines (6 loc) · 2.74 KB

File metadata and controls

10 lines (6 loc) · 2.74 KB

AMR (Authentication Method Reference)

The "amr" (Authentication Methods References) claim is defined in IETF RFC 8176 as an array of
strings that are identifiers for authentication methods used in the authentication.

In the event payload, you can see the amr value in the payload of the authentication event types in the authentication_context object. It indicates the authentication methods used during the authentication.

In the hook response, use the amr value in contraints to require additional authentication methods. Learn more in #apply-authentication-constraints

AMR valueMeaningSupported in constraints
pwdPassword-based authentication.true
otpOne-time password (OTP) authentication.true
smsSMS-based authentication.true
mfaMulti-factor authentication; Added when multiple authenticators are used in a single flow, OR one authenticator with one recovery code.true
x_biometricBiometric authentication.false
x_passkeyIndicates passkey authentication.false
x_primary_passwordIndicates primary password authentication.true
x_primary_oob_otp_emailIndicates primary one-time password (OTP) authentication via email.true
x_primary_oob_otp_smsIndicates primary one-time password (OTP) authentication via SMS.true
x_primary_passkeyIndicates passkey authentication.false
x_secondary_passwordIndicates secondary password authentication.true
x_secondary_oob_otp_emailIndicates secondary one-time password (OTP) authentication via email.true
x_secondary_oob_otp_smsIndicates secondary one-time password (OTP) authentication via SMS.true
x_secondary_totpIndicates secondary Time-based One-time Password (TOTP) authentication.true
x_recovery_codeIndicates authentication with a recovery code.false
x_device_tokenIndicates authentication with a device token.false