Idea ID: 2818220

Enforce authentication / Assign authentication contract for the OAuth Client Applications

Status: Delivered

Current NAM doesn't support for configuring an authentication contract to a specific OAuth client application. For Authorization code flow to select a specific authentication contract the client application need to send the acr_values parameter in the initial request. NAM OAuth server doesn't validate if the acr_values are for a particular OAuth Client. It would be helpful if we have an option similar to step up authentication for SAML SP connections even for a OAuth client application.