Step-up authentication

We are implementing step-up authentication for an SPA. I have a few questions:

  1. Im able to get auth_time in idToken, but not in accessToken. How can I make auth_time available in accessToken.
  2. Are there pre-defined acr_values (for example, we found one for MFA)? How about password re-authentication, email challenge, SMS/OTP?