We are implementing step-up authentication for an SPA. I have a few questions:
- Im able to get auth_time in idToken, but not in accessToken. How can I make auth_time available in accessToken.
- Are there pre-defined acr_values (for example, we found one for MFA)? How about password re-authentication, email challenge, SMS/OTP?