feat: add force 2FA example

numerique-gouv · Jun 17, 2024 · 65a4a29 · 65a4a29
1 parent b7c32e9
commit 65a4a29
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 1 deletion.
diff --git a/index.js b/index.js
@@ -107,13 +107,30 @@ app.post(
 app.post(
   "/force-login",
   getAuthorizationControllerFactory({
-    claims: { id_token: { auth_time: { essential: true } } },
+    claims: {
+      id_token: {
+        amr: { essential: true },
+        auth_time: { essential: true },
+      },
+    },
     prompt: "login",
     // alternatively, you can use the 'max_age: 0'
     // if so, claims parameter is not necessary as auth_time will be returned
   }),
 );
 
+app.post(
+  "/force-2fa",
+  getAuthorizationControllerFactory({
+    claims: {
+      id_token: {
+        amr: { essential: true },
+        acr: { essential: true, value: "https://refeds.org/profile/mfa" },
+      },
+    },
+  }),
+);
+
 app.get(process.env.CALLBACK_URL, async (req, res, next) => {
   try {
     const client = await getMcpClient();

diff --git a/views/index.ejs b/views/index.ejs
@@ -92,6 +92,10 @@
         <form action="/force-login" method="post">
             <button id="force-login">Forcer une reconnexion</button>
         </form>
+        <br>
+        <form action="/force-2fa" method="post">
+            <button id="force-login">Forcer une connexion a deux facteurs</button>
+        </form>
     </main>
     <footer>
         <p>Source: <a href="https://github.com/betagouv/moncomptepro-test-client">github.com/betagouv/moncomptepro-test-client</a></p>