2.2.2.10 amr_values
-
GET /authorize?response_type={response_type}&client_id={client_id}&state={state}&resource={resource}&client-request-id={ClientRequestId}&amr_values={amr_values}&redirect_uri={redirect_uri} HTTP/1.1
OPTIONAL
The amr_values query parameter is OPTIONAL and can be specified by the client role of the OAuth 2.0 Protocol Extensions. When an OAuth 2.0 client requests authorization from an AD FS server (as specified in [RFC6749] sections 4.1 and 4.2), it can use the amr_values to request that the user be authenticated using a particular authentication method. The amr_values query parameter is conceptually similar to the optional wauth parameter defined in [MS-MWBF] section 2.2.3.
The following values are supported for the amr_values query parameter:
|
Value |
Method of authentication requested |
|---|---|
|
ngcmfa |
Multiple factor authentication is required. User authentication with a certificate or other asymmetric key-based mechanism using a key that is present in the msDS-KeyCredentialLink attribute on the user object in Active Directory does not satisfy multiple factors, even if the key is protected by a smart card or requires a personal identification number (PIN) to unlock. |
The server ignores this parameter if the resource_params parameter is given.
The format for the amr_values query parameter is as follows:
-
String = *(%x20-7E) amr_values = String