...
Typically this is used to enable an application to skip the discovery service of an upstream IDP by selecting the authentication method already at the relying party.
Step-by-step guide
Example 1
For this example, we will use an application using OpenID Connect, that is connected to two authentication methods - one is for BankID Mobile and the other is traditional client PKI certificate based BankID.
...
This technique could also be used to enable an application to remember what authentication the user selected on their previous visit and automatically select the same on the next visit. The calling application would have to manage and store this preference information.
Example 2
For this example, we will use an application using OpenID Connect, that is connected to Finnish banks, known as TUPAS authentication - by including tupas and a unique name for each bank in the method settings, the calling application can decided whether to show all banks or preselect one.
...
| Code Block |
|---|
GET https://sso.example.com/uas/oauth2/authorization?response_type=code&scope=openid&client_id=2001221477&redirect_uri=https://client.example.com/response&state=40e1bfc0-4587-4859-be08-a58e3fffa37a&acr_values=tupas |
Example 3 - Mobile Connect
For this example, we will use an application using OpenID Connect according to the GSMA Mobile Connect profile, which specifies acr_values as 2, 3 and 4.
...
| Code Block |
|---|
GET https://sso.example.com/uas/oauth2/authorization?response_type=code&scope=openid&client_id=2001221477&redirect_uri=https://client.example.com/response&state=40e1bfc0-4587-4859-be08-a58e3fffa37a&acr_values=2%203 |
Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...