OidcAmr uses ConstantsTrait
Enumeration of standard OpenID Connect Authentication Method Reference (AMR) values (RFC 8176).
Values used inside the amr array claim of an ID Token (see
JwtClaim::AMR) to indicate which
authentication methods were used by the End-User during
authentication.
Example:
$usedMfa = in_array( OidcAmr::MFA , $idToken[ JwtClaim::AMR ] ?? [] , true ) ;
References:
- RFC 8176 (Authentication Method Reference Values)
Tags
Table of Contents
Constants
- FACE : string = 'face'
- `face` — Biometric authentication using facial recognition.
- FPT : string = 'fpt'
- `fpt` — Biometric authentication using a fingerprint.
- GEO : string = 'geo'
- `geo` — Use of geolocation information.
- HWK : string = 'hwk'
- `hwk` — Proof-of-possession of a hardware-secured key.
- IRIS : string = 'iris'
- `iris` — Biometric authentication using an iris scan.
- KBA : string = 'kba'
- `kba` — Knowledge-based authentication (e.g. answering personal security questions).
- MCA : string = 'mca'
- `mca` — Multiple-channel authentication.
- MFA : string = 'mfa'
- `mfa` — Multiple-factor authentication. Presence of this value implies that more than one of the listed methods was used.
- OTP : string = 'otp'
- `otp` — One-time password (HOTP/TOTP).
- PIN : string = 'pin'
- `pin` — Personal identification number.
- POP : string = 'pop'
- `pop` — Proof-of-possession of a key.
- PWD : string = 'pwd'
- `pwd` — Password-based authentication.
- RBA : string = 'rba'
- `rba` — Risk-based authentication.
- RETINA : string = 'retina'
- `retina` — Biometric authentication using a retina scan.
- SC : string = 'sc'
- `sc` — Smart card authentication.
- SMS : string = 'sms'
- `sms` — Confirmation by SMS reception.
- SWK : string = 'swk'
- `swk` — Proof-of-possession of a software-secured key.
- TEL : string = 'tel'
- `tel` — Confirmation by a telephone call.
- USER : string = 'user'
- `user` — User presence test.
- VBM : string = 'vbm'
- `vbm` — Biometric authentication using a voiceprint.
- WIA : string = 'wia'
- `wia` — Windows Integrated Authentication.
Constants
FACE
`face` — Biometric authentication using facial recognition.
public
string
FACE
= 'face'
FPT
`fpt` — Biometric authentication using a fingerprint.
public
string
FPT
= 'fpt'
GEO
`geo` — Use of geolocation information.
public
string
GEO
= 'geo'
HWK
`hwk` — Proof-of-possession of a hardware-secured key.
public
string
HWK
= 'hwk'
IRIS
`iris` — Biometric authentication using an iris scan.
public
string
IRIS
= 'iris'
KBA
`kba` — Knowledge-based authentication (e.g. answering personal security questions).
public
string
KBA
= 'kba'
MCA
`mca` — Multiple-channel authentication.
public
string
MCA
= 'mca'
MFA
`mfa` — Multiple-factor authentication. Presence of this value implies that more than one of the listed methods was used.
public
string
MFA
= 'mfa'
OTP
`otp` — One-time password (HOTP/TOTP).
public
string
OTP
= 'otp'
PIN
`pin` — Personal identification number.
public
string
PIN
= 'pin'
POP
`pop` — Proof-of-possession of a key.
public
string
POP
= 'pop'
PWD
`pwd` — Password-based authentication.
public
string
PWD
= 'pwd'
RBA
`rba` — Risk-based authentication.
public
string
RBA
= 'rba'
RETINA
`retina` — Biometric authentication using a retina scan.
public
string
RETINA
= 'retina'
SC
`sc` — Smart card authentication.
public
string
SC
= 'sc'
SMS
`sms` — Confirmation by SMS reception.
public
string
SMS
= 'sms'
SWK
`swk` — Proof-of-possession of a software-secured key.
public
string
SWK
= 'swk'
TEL
`tel` — Confirmation by a telephone call.
public
string
TEL
= 'tel'
USER
`user` — User presence test.
public
string
USER
= 'user'
VBM
`vbm` — Biometric authentication using a voiceprint.
public
string
VBM
= 'vbm'
WIA
`wia` — Windows Integrated Authentication.
public
string
WIA
= 'wia'