From 5f25756ae2513a396a9c44184610f39fe72be6cd Mon Sep 17 00:00:00 2001
From: simon lehericey
Date: Wed, 11 Sep 2024 10:18:46 +0200
Subject: [PATCH] ask for amr (Authentication Methods References)
---
 app/services/agent_connect_service.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/services/agent_connect_service.rb b/app/services/agent_connect_service.rb
index c4b35d18e..69581d9b2 100644
--- a/app/services/agent_connect_service.rb
+++ b/app/services/agent_connect_service.rb
@@ -17,7 +17,9 @@ class AgentConnectService
 scope: [:openid, :email, :given_name, :usual_name, :organizational_unit, :belonging_population, :siret, :idp_id],
 state:,
 nonce:,
- acr_values: 'eidas1'
+ acr_values: 'eidas1',
+ claims: { id_token: { amr: { essential: true } } }.to_json,
+ prompt: :login
 )

 [uri, state, nonce]
@@ -32,7 +34,9 @@ class AgentConnectService
 id_token = ResponseObject::IdToken.decode(access_token.id_token, conf[:jwks])
 id_token.verify!(conf.merge(nonce: nonce))

- [access_token.userinfo!.raw_attributes, access_token.id_token]
+ amr = id_token.amr.present? ? JSON.parse(id_token.amr) : []
+
+ [access_token.userinfo!.raw_attributes, access_token.id_token, amr]
 end

 private
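Review bot: In the first hunk (`@@ -17,7 +17,9 @@`), marking `amr` as `essential: true` is only a request under OpenID Connect; a provider may still omit the claim, so these arguments alone do not guarantee that an `amr` value comes back. The added `prompt: :login` also changes behaviour for every login through this service, since it asks the provider to re-authenticate even when a session already exists, and neither new line says why. I would document both above the new arguments, e.g. `# amr is requested as essential but may still be absent; a missing amr is no evidence of strong authentication` and `# prompt: :login forces a fresh authentication at the provider` (adding the reason, if it is so that amr describes this login rather than an earlier session). The call these arguments belong to opens above the hunk.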
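Review bot: In the second hunk (`@@ -32,7 +34,9 @@`), `JSON.parse(id_token.amr)` only works when the provider delivers `amr` as a JSON-encoded string; the OpenID Connect specification defines `amr` as an array of strings, and if the decoded token exposes it that way `JSON.parse` raises `TypeError` and the login fails after the token has already been verified. Accepting both shapes keeps the result an array: `raw = id_token.amr` followed by `amr = raw.is_a?(String) ? JSON.parse(raw) : Array(raw)`. The `[]` fallback makes an absent claim indistinguishable from an empty one, so whatever consumes the new third element (not visible in this patch, which changes only this file) should treat an empty list as no multi-factor evidence rather than as a pass. The method this hunk edits begins above the hunk.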