fix: add ability to specify amr values natively in id_token payload (#…

…401) See ory/hydra#1756
ory · Mar 17, 2020 · f99bb80 · f99bb80
1 parent 4104135
commit f99bb80
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/token/jwt/claims_id_token.go b/token/jwt/claims_id_token.go
@@ -41,6 +41,7 @@ type IDTokenClaims struct {
 	AuthTime                            time.Time
 	AccessTokenHash                     string
 	AuthenticationContextClassReference string
+	AuthenticationMethodsReference      string
 	CodeHash                            string
 	Extra                               map[string]interface{}
 }
@@ -82,6 +83,10 @@ func (c *IDTokenClaims) ToMap() map[string]interface{} {
 		ret["acr"] = c.AuthenticationContextClassReference
 	}
 
+	if len(c.AuthenticationMethodsReference) > 0 {
+		ret["amr"] = c.AuthenticationMethodsReference
+	}
+
 	ret["iat"] = float64(c.IssuedAt.Unix())
 	ret["exp"] = float64(c.ExpiresAt.Unix())
 	ret["rat"] = float64(c.RequestedAt.Unix())

diff --git a/token/jwt/claims_id_token_test.go b/token/jwt/claims_id_token_test.go
@@ -42,6 +42,7 @@ var idTokenClaims = &IDTokenClaims{
 	AccessTokenHash:                     "foobar",
 	CodeHash:                            "barfoo",
 	AuthenticationContextClassReference: "acr",
+	AuthenticationMethodsReference:      "amr",
 	Extra: map[string]interface{}{
 		"foo": "bar",
 		"baz": "bar",
@@ -73,5 +74,6 @@ func TestIDTokenClaimsToMap(t *testing.T) {
 		"c_hash":    idTokenClaims.CodeHash,
 		"auth_time": idTokenClaims.AuthTime.Unix(),
 		"acr":       idTokenClaims.AuthenticationContextClassReference,
+		"amr":       idTokenClaims.AuthenticationMethodsReference,
 	}, idTokenClaims.ToMap())
 }