Inherit AAL level from OIDC login
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
nostalgic-agnesi-otu9x8e3js
Describe your problem
When logging in with OIDC, the AAL level from the OIDC login is not used by Ory to set the AAL level of the session. If you want AAL2, you need to do a second factor after the OIDC.
Describe your ideal solution
The OIDC level of the login should be read from the claims and set in the Ory session.
Workarounds or alternatives
The current solution is to do a second factor after OIDC login. If the OIDC has a second factor as well, the users have to do the second factor twice.
Version
network
Additional Context
No response
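
One way the claim mapping requested above could look, as an added example that is not Ory's code and not part of the original issue. It assumes the ID token's signature, issuer, audience and expiry were already verified; the issuer URL, the acr value, the grouping of RFC 8176 amr values into factor categories, and the names TRUSTED_PROVIDERS and session_aal are assumptions made for illustration.

```python
# Added example: derive a session AAL from already-verified OIDC ID token claims.

# RFC 8176 "amr" values grouped by factor category (grouping is an assumption).
FACTOR_CATEGORY = {
    **dict.fromkeys(("pwd", "pin", "kba"), "knowledge"),
    **dict.fromkeys(("otp", "hwk", "swk", "sms", "tel", "sc"), "possession"),
    **dict.fromkeys(("fpt", "face", "iris", "retina", "vbm"), "inherence"),
}

# Hypothetical per-provider policy: only listed issuers may raise the AAL, and
# each lists the provider-specific "acr" values it uses for multi-factor logins.
TRUSTED_PROVIDERS = {
    "https://idp.example.com": {"acr_aal2": {"urn:example:acr:mfa"}},
}


def session_aal(claims):
    """Return "aal1" or "aal2" for a dict of verified ID token claims."""
    policy = TRUSTED_PROVIDERS.get(claims.get("iss"))
    if policy is None:
        # Unknown issuer: its claims about authentication strength are ignored.
        return "aal1"

    amr = claims.get("amr") or []
    if not isinstance(amr, list) or not all(isinstance(m, str) for m in amr):
        # "amr" must be an array of strings; anything else is treated as absent.
        return "aal1"

    # Either the provider asserts "mfa" directly, or the listed methods span
    # at least two distinct factor categories (e.g. password + OTP).
    categories = {FACTOR_CATEGORY[m] for m in amr if m in FACTOR_CATEGORY}
    if "mfa" in amr or len(categories) >= 2:
        return "aal2"

    # Fall back to the provider's own "acr" values, which are not standardized
    # across providers and therefore come from the per-provider policy.
    acr = claims.get("acr")
    if isinstance(acr, str) and acr in policy["acr_aal2"]:
        return "aal2"

    return "aal1"
```

Two passwords-style methods in the same category (for example "pwd" and "pin") stay at aal1, and an untrusted issuer cannot raise the level regardless of what it claims.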