Giters

auth0 / auth0-spa-js

Auth0 authentication for Single Page Applications (SPA) with PKCE

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

`amr` property on IdToken is of type `string`

bellascalzi1 opened this issue · comments

commented

Checklist

Description

Hi, I'm writing some custom logic based on the amr values in the ID token (specifically checking for the presence of the string 'mfa' as detailed in this docs page on step-up authentication. In the documentation it says:

When a user logs in, you get an ID token that contains information relevant to the user's session in the form of claims. The relevant claim is amr (authentication methods reference) which is a JSON array of strings that indicates the authentication method used during login. It must be present in the ID token's payload and must contain the value mfa.

This suggests to me that the type should be Array<string> or string[] instead of string.

At runtime the amr value does seem to be an array of strings, as seen in this screenshot (this is using the Angular SDK)

screenshot

Right now this isn't blocking me as I am using the includes() function to check for the presence of the 'mfa' string, which is also a method on strings but it would still be nice to get this fixed.

If the fix for this is as simple as changing this line I would be more than happy to submit a PR

auth0-spa-js/src/global.ts

Line 591 in 66e0dfb

amr?: string;

Reproduction

  1. Retrieve an ID Token after authenticating with MFA
  2. Print the contents of the token to the console, and observe that amr is an array rather than a string.

Additional context

No response

auth0-spa-js version

2.0.8

Which framework are you using (React, Angular, Vue...)?

Angular

Framework version

15.1.0

Which browsers have you tested in?

Chrome

commented

Thanks for reporting this. It looks like this should indeed be an array of strings.

Feel free to open a PR to update the type and we are happy to review this.