`amr` property on IdToken is of type `string`
bellascalzi1 opened this issue · comments
Checklist
- The issue can be reproduced in the auth0-spa-js sample app (or N/A).
- I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
- I have looked into the documentation and API documentation, and have not found a suitable solution or answer.
- I have searched the issues and have not found a suitable solution or answer.
- I have searched the Auth0 Community forums and have not found a suitable solution or answer.
- I agree to the terms within the Auth0 Code of Conduct.
Description
Hi, I'm writing some custom logic based on the amr
values in the ID token (specifically checking for the presence of the string 'mfa' as detailed in this docs page on step-up authentication. In the documentation it says:
When a user logs in, you get an ID token that contains information relevant to the user's session in the form of claims. The relevant claim is amr (authentication methods reference) which is a JSON array of strings that indicates the authentication method used during login. It must be present in the ID token's payload and must contain the value mfa.
This suggests to me that the type should be Array<string>
or string[]
instead of string
.
At runtime the amr
value does seem to be an array of strings, as seen in this screenshot (this is using the Angular SDK)
Right now this isn't blocking me as I am using the includes()
function to check for the presence of the 'mfa' string, which is also a method on strings but it would still be nice to get this fixed.
If the fix for this is as simple as changing this line I would be more than happy to submit a PR
Line 591 in 66e0dfb
Reproduction
- Retrieve an ID Token after authenticating with MFA
- Print the contents of the token to the console, and observe that
amr
is an array rather than a string.
Additional context
No response
auth0-spa-js version
2.0.8
Which framework are you using (React, Angular, Vue...)?
Angular
Framework version
15.1.0
Which browsers have you tested in?
Chrome
Thanks for reporting this. It looks like this should indeed be an array of strings.
Feel free to open a PR to update the type and we are happy to review this.