# AMR (Authentication Method Reference)

The "amr" (Authentication Methods References) claim is defined in [IETF RFC 8176](https://www.rfc-editor.org/rfc/rfc8176.html) as an array of\
strings that are identifiers for authentication methods used in the authentication.

In the event payload, you can see the `amr` value in the payload of the `authentication` event types in the `authentication_context` object. It indicates the authentication methods used during the authentication.

In the hook response, use the `amr` value in `contraints` to require additional authentication methods. Learn more in [Blocking Events](/customization/events-hooks/blocking-events.md#apply-authentication-constraints)

<table><thead><tr><th width="282.609375">AMR value</th><th width="340.55078125">Meaning</th><th data-type="checkbox">Supported in constraints</th></tr></thead><tbody><tr><td><code>pwd</code></td><td>Password-based authentication.</td><td>true</td></tr><tr><td><code>otp</code></td><td>One-time password (OTP) authentication.</td><td>true</td></tr><tr><td><code>sms</code></td><td>SMS-based authentication.</td><td>true</td></tr><tr><td><code>mfa</code></td><td>Multi-factor authentication; Added when multiple authenticators are used in a single flow, OR one authenticator with one recovery code.</td><td>true</td></tr><tr><td><code>x_biometric</code></td><td>Biometric authentication.</td><td>false</td></tr><tr><td><code>x_passkey</code></td><td>Indicates passkey authentication.</td><td>false</td></tr><tr><td><code>x_primary_password</code></td><td>Indicates primary password authentication.</td><td>true</td></tr><tr><td><code>x_primary_oob_otp_email</code></td><td>Indicates primary one-time password (OTP) authentication via email.</td><td>true</td></tr><tr><td><code>x_primary_oob_otp_sms</code></td><td>Indicates primary one-time password (OTP) authentication via SMS.</td><td>true</td></tr><tr><td><code>x_primary_passkey</code></td><td>Indicates passkey authentication.</td><td>false</td></tr><tr><td><code>x_secondary_password</code></td><td>Indicates secondary password authentication.</td><td>true</td></tr><tr><td><code>x_secondary_oob_otp_email</code></td><td>Indicates secondary one-time password (OTP) authentication via email.</td><td>true</td></tr><tr><td><code>x_secondary_oob_otp_sms</code></td><td>Indicates secondary one-time password (OTP) authentication via SMS.</td><td>true</td></tr><tr><td><code>x_secondary_totp</code></td><td>Indicates secondary Time-based One-time Password (TOTP) authentication.</td><td>true</td></tr><tr><td><code>x_recovery_code</code></td><td>Indicates authentication with a recovery code.</td><td>false</td></tr><tr><td><code>x_device_token</code></td><td>Indicates authentication with a device token.</td><td>false</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.authgear.com/customization/events-hooks/amr.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.