Access AMR from enterprise connection in login flow

I’m using an enterprise connection where the IdP has several different auth mechanisms, and I want to know which mechanism was used. This information resides in the AMR tag in the response from the external IdP, but I can’t figure out how to retrieve this value in a post-login trigger.

Anyone know this?

Hello @eff,

Please allow me some time to further investigate the matter and I will be back with an answer to your inquiry!

Thank you!
Kind regards,
Remus

Hi @eff,

Welcome back to the Auth0 Community!

In order to access the amr claim received from the identity provider when using an OIDC enterprise connection, you will first need to map this claim to the Auth0 user profile. This can be done by configuring PKCE and Claim Mapping for OIDC Connections directly from the Auth0 Dashboard > Authentication > Enterprise > your OIDC connection > Settings tab.

Let's also keep in mind that the amr claim is considered a restricted claim, reserved for use by Auth0, and such claims cannot be used as attribute keys for user profiles.

If you set mapping_mode to use_map, you can map the incoming restricted claim to a valid one:

    "attribute_map": {
        "mapping_mode": "use_map",
        "attributes": {
            "amr": "{context.tokenset.amr}", // `amr` is a restricted claim and will not be mapped
            "federated_amr": "{context.tokenset.amr}" // `federated_amr` is not a restricted claim and will be mapped
        }
    }

Afterwards you will be able to access the amr mapped claim from the event.user.identities object within a Post-Login Action.

Thank you and I hope this helps!
Best regards,
Remus
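
Added example (not part of the original reply, and not Auth0's own code): a Post-Login Action that reads the mapped `federated_amr` attribute from `event.user.identities` and copies it into the ID token so the application can see which upstream method was used. Assumptions: the attribute sits on the identity for the current connection, either at its top level or under `profileData`; the claim namespace `https://example.com/` is a placeholder; the string and JSON handling is defensive, in case the value does not arrive as an array.

```javascript
// Added example; names marked "hypothetical" are not from the thread.
const CLAIM = "https://example.com/federated_amr"; // hypothetical namespace

// OIDC defines amr as an array of strings (values registered in RFC 8176).
// Defensive: also accept a JSON-encoded array or a space-delimited string,
// in case the mapping flattens the value.
function normalizeAmr(raw) {
  if (Array.isArray(raw)) {
    return raw.filter((v) => typeof v === "string" && v !== "");
  }
  if (typeof raw === "string") {
    const s = raw.trim();
    if (s.startsWith("[")) {
      try { return normalizeAmr(JSON.parse(s)); } catch { /* not JSON */ }
    }
    return s.split(/\s+/).filter(Boolean);
  }
  return []; // claim absent or of an unexpected type
}

// Use only the identity that belongs to the connection used for this login,
// so a linked account's older value is never reported for the current session.
function federatedAmr(event) {
  const identities = (event.user && event.user.identities) || [];
  const current = identities.find((i) => i.connection === event.connection.name);
  if (!current) return [];
  // Assumption: the mapped attribute is at the top level or under profileData.
  const raw = current.federated_amr ?? (current.profileData || {}).federated_amr;
  return normalizeAmr(raw);
}

const onExecutePostLogin = async (event, api) => {
  const amr = federatedAmr(event);
  if (amr.length > 0) {
    api.idToken.setCustomClaim(CLAIM, amr);
  }
};

// Actions load the handler from the module's exports.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Logging `event.user.identities` once from the Action's test runner shows where the mapped attribute actually lands for a given connection, which tells you whether the lookup above needs adjusting.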

Thanks @remus.ivan! Can I still utilize the bind_all in combination with this, or do I have to map all properties manually because of this?

Hi @eff,

Unfortunately, in this type of use case the bind_all method does not work in conjunction with the use_map method, so the recommended way to approach this use case would have to be manually mapping the claims needed from the IdP to the Auth0 user profile.

Thank you and if you have other questions please let me know!
Best regards,
Remus