AMR (Authentication Method Reference)
The "amr" (Authentication Methods References) claim is defined in IETF RFC 8176 as an array of strings that are identifiers for authentication methods used in the authentication.
In the event payload, you can see the amr value in the payload of the authentication event types in the authentication_context object. It indicates the authentication methods used during the authentication.
In the hook response, use the amr value in contraints to require additional authentication methods. Learn more in Apply Authentication Constraints
pwd
Password-based authentication.
otp
One-time password (OTP) authentication.
sms
SMS-based authentication.
mfa
Multi-factor authentication; Added when multiple authenticators are used in a single flow, OR one authenticator with one recovery code.
x_biometric
Biometric authentication.
x_passkey
Indicates passkey authentication.
x_primary_password
Indicates primary password authentication.
x_primary_oob_otp_email
Indicates primary one-time password (OTP) authentication via email.
x_primary_oob_otp_sms
Indicates primary one-time password (OTP) authentication via SMS.
x_primary_passkey
Indicates passkey authentication.
x_secondary_password
Indicates secondary password authentication.
x_secondary_oob_otp_email
Indicates secondary one-time password (OTP) authentication via email.
x_secondary_oob_otp_sms
Indicates secondary one-time password (OTP) authentication via SMS.
x_secondary_totp
Indicates secondary Time-based One-time Password (TOTP) authentication.
x_recovery_code
Indicates authentication with a recovery code.
x_device_token
Indicates authentication with a device token.
Last updated
Was this helpful?